Topic: Please help, being hijacked while web surfing...


    jwfilion (Topic Starter, Intermediate)
    Please help, being hijacked while web surfing...
    « on: October 01, 2010, 04:51:14 PM »
    Could someone please help me with this irritating problem. I believed it was the Google search redirect virus. I did a search on it, but it does not seem to be the exact same thing. Every fourth or fifth web page I go to gets redirected to a different page, but there are no porn or ad sites, just the following custom search engine:

    http://img.villagephotos.com/p/2006-8/1209601/Googled.jpg

    It started a few weeks ago and I have tried every conceivable thing I could think of to get rid of it, even the self help section, but to no avail. The address is always the following www.landing.savetubevideo.com and is interesting in that a few weeks before, I downloaded the program "SaveTubeVideo" to save YouTube videos to my desktop. No sooner had I done so, a good friend suggested another called "KeepVid". I tried it, liked it and erased the first from my computer or so it seemed.

    I have done all the steps your site has suggested and have the logs available, should anyone ask for them. Any response will be greatly appreciated.


    Mind Computer Products
    Intel Celeron 1.80GHz
    2 GB Ram
    WinXP Home / SP2
    Mainboard ECS P4VMM2
    S3 Graphics ProSavageDDR
    Vinyl AC'97 Audio
    Mozilla Firefox
    AVG Free, PC Tools Firewall Plus, Spybot,
    StopZilla, Ad-aware, SUPERAntiSpyware,
    CCleaner, HijackThis, Malwarebytes' Anti-Malware,
    Hitman Pro, SpyBlaster

    harry 48 (Egghead)
    Re: Please help, being hijacked while web surfing...
    « Reply #1 on: October 02, 2010, 12:31:25 PM »
    You must post all 3 logs to get help from an expert.

    Azzaboi (Apprentice)
    Re: Please help, being hijacked while web surfing...
    « Reply #2 on: October 02, 2010, 01:39:49 PM »
    I'm not an expert, so please ignore acting on the following (as I'm not allowed to help you in this topic)...

    ADVICE DELETED BY ALLAN


    Follow the 'experts' advice in order to remove.
    « Last Edit: October 02, 2010, 01:50:39 PM by Allan »

    Allan (Moderator, Mastermind)
    Re: Please help, being hijacked while web surfing...
    « Reply #3 on: October 02, 2010, 01:43:10 PM »
    You are not permitted to provide advice in this thread and you know it. Warning sent.

    Azzaboi (Apprentice)
    Re: Please help, being hijacked while web surfing...
    « Reply #4 on: October 02, 2010, 01:49:33 PM »
    Whatever - I wasn't providing advice on how to remove it and clearly said wait for an expert to help you remove it, which is not breaking the rules. If I'm not even allowed to say what it is, why do you guys even allow access here? Block it... then maybe no one will provide any help.

      jwfilion (Topic Starter)
      Re: Please help, being hijacked while web surfing...
      « Reply #5 on: October 02, 2010, 07:23:42 PM »
      Sorry, I had assumed that I needed permission to post the logs. I shall do so now...


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/27/2010 at 04:14 AM

      Application Version : 4.43.1000

      Core Rules Database Version : 5583
      Trace Rules Database Version: 3395

      Scan type       : Complete Scan
      Total Scan Time : 02:25:16

      Memory items scanned      : 501
      Memory threats detected   : 0
      Registry items scanned    : 6305
      Registry threats detected : 0
      File items scanned        : 108058
      File threats detected     : 19

      Adware.Tracking Cookie
         .statcounter.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         sales.liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         sales.liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         *Blocked Russian URL* [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         *Blocked Russian URL* [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .bs.serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         www.stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]



      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4699

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11

      9/29/2010 3:23:41 AM
      mbam-log-2010-09-29 (03-23-41).txt

      Scan type: Quick scan
      Objects scanned: 1
      Time elapsed: 8 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 9:00:05 PM, on 9/30/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.17080)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\AVG\AVG9\avgchsvx.exe
      C:\Program Files\AVG\AVG9\avgrsx.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\AVG\AVG9\avgwdsvc.exe
      C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\PC Tools Firewall Plus\FWService.exe
      C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\KMaestro\KMaestro.exe
      C:\WINDOWS\essspk.exe
      C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
      C:\PROGRA~1\AVG\AVG9\avgtray.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
      C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Common Files\Sonic Shared\CineTray.exe
      C:\Program Files\AVG\AVG9\avgemc.exe
      C:\Program Files\AVG\AVG9\avgnsx.exe
      C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\Program Files\STOPzilla!\STOPzilla.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 - Default URLSearchHook is missing
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\MTSACC~1\PRPL_I~1.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
      O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
      O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
      O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
      O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
      O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
      O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
      O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
      O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
      O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
      O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
      O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
      O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

      --
      End of file - 7071 bytes
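The HijackThis log above is read line by line: O2 entries are browser helper objects, O4 entries are Run-key autostarts and O23 entries are services. As an added example, not part of this thread and not code from Trend Micro's HijackThis, the script below parses those three line shapes and applies a few review heuristics (8.3 short paths, bare file names resolved through PATH, binaries directly under the Windows folder, services with no vendor); the heuristics and the last sample line are assumptions of this example, and a hit is a prompt to look closer rather than a verdict.

```python
"""Triage pass over HijackThis O2/O4/O23 lines.

Added example for this thread; not part of the thread and not code from
Trend Micro's HijackThis. The three line formats are the ones visible in
the log above. The triage rules are assumptions a reviewer might apply,
and a hit is a prompt to look closer, not a verdict: Spybot's SDHelper
trips the 8.3-path rule and is perfectly legitimate.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field


@dataclass
class Entry:
    """One log line reduced to the fields the triage rules need."""
    kind: str                       # "O2" (BHO), "O4" (Run key) or "O23" (service)
    name: str                       # display name, or the Run value name
    target: str                     # DLL path, Run command line, or service binary
    extra: dict = field(default_factory=dict)


# Line shapes as HijackThis prints them: "O2 - BHO: <name> - {CLSID} - <dll>",
# "O4 - HKLM\..\Run: [<value>] <command>", "O23 - Service: <name> (<short>) - <vendor> - <exe>".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<short>[^)]+)\) - (?P<vendor>.*?) - (?P<path>.+)$")

# Full path whose only directory is the Windows folder itself, e.g. C:\WINDOWS\x.exe.
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


def parse_hijackthis(text: str) -> list[Entry]:
    """Return the O2, O4 and O23 entries in a log; every other line type is ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"], {"clsid": m["clsid"]}))
        elif m := O4_RE.match(line):
            entries.append(Entry("O4", m["name"], m["cmd"], {"hive": m["hive"]}))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m["name"], m["path"],
                                 {"service": m["short"], "vendor": m["vendor"]}))
    return entries


def command_path(cmd: str) -> str:
    """Executable part of a Run command: drop surrounding quotes and trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Apply the review heuristics and return (entry, reason) pairs in log order."""
    findings: list[tuple[Entry, str]] = []
    for e in entries:
        path = command_path(e.target) if e.kind == "O4" else e.target
        if "~" in path:
            findings.append((e, "8.3 short path hides the product folder name; expand it before judging"))
        if e.kind == "O4" and "\\" not in path:
            findings.append((e, "bare file name resolved through PATH; confirm which file actually runs"))
        elif WINDOWS_ROOT.match(path.lower()):
            findings.append((e, "binary sits directly in the Windows folder, not system32 or Program Files"))
        if e.kind == "O23" and e.extra["vendor"] == "Unknown owner":
            findings.append((e, "service binary carries no company name"))
    return findings


# Constructed sample: the first six lines repeat the shape of lines from the log
# posted above; the last line is invented to exercise the service rules.
SAMPLE_LOG = (
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll\n"
    "O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\\PROGRA~1\\MTSACC~1\\PRPL_I~1.DLL\n"
    "O4 - HKLM\\..\\Run: [RemoteControl] \"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"\n"
    "O4 - HKLM\\..\\Run: [EssSpkPhone] essspk.exe\n"
    "O4 - HKLM\\..\\Run: [00PCTFW] \"C:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe\" -s\n"
    "O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\\Program Files\\PC Tools Firewall Plus\\FWService.exe\n"
    "O23 - Service: Example Updater (exupd) - Unknown owner - C:\\WINDOWS\\exupd.exe\n"
)


def main() -> None:
    for entry, reason in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{entry.kind:>3} [{entry.name}] {entry.target}\n     -> {reason}")


if __name__ == "__main__":
    main()
```

Run against a full saved log, the same heuristics give a short list of entries to expand and verify by hand before anything is fixed.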



      harry 48 (Egghead)
      Re: Please help, being hijacked while web surfing...
      « Reply #6 on: October 03, 2010, 08:38:36 AM »
      jwfilion, that's fine. Now a malware expert will help you; do not take advice from anyone else.

      SuperDave (Malware Removal Specialist, Moderator)
      Re: Please help, being hijacked while web surfing...
      « Reply #7 on: October 03, 2010, 12:13:44 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ***************************************

      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      Rename ComboFix.exe to commy.exe before you save it to your Desktop
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
      Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix


        jwfilion (Topic Starter)
        Re: Please help, being hijacked while web surfing...
        « Reply #8 on: October 03, 2010, 04:58:32 PM »
        Mayday! Mayday! SuperDave, I did as required in the preceding post, but ComboFix doesn't do anything other than tell me I have the wrong OS?! I have XP Home SP3. Below is the error message.

        http://img.villagephotos.com/p/2006-8/1209601/Error.jpg

        It appears that I may have bigger problems than an errant browser.

        SuperDave (Malware Removal Specialist, Moderator)
        Re: Please help, being hijacked while web surfing...
        « Reply #9 on: October 03, 2010, 07:35:25 PM »
        Ok. It could be the infection blocking ComboFix. Let's try this.

        Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

        Navigate to Start --> Run, and enter the following command exactly as shown:

        "%userprofile%\desktop\blackpudding.bat" /killall

        See if ComboFix will run now

          jwfilion (Topic Starter)
          Re: Please help, being hijacked while web surfing...
          « Reply #10 on: October 03, 2010, 11:25:09 PM »
          Thanks SuperDave, that got it running. Below is the log.


          ComboFix 10-10-02.02 - Wayne 10/03/2010  23:40:56.1.1 - x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1366 [GMT -5:00]
          Running from: C:\Documents and Settings\Wayne\desktop\blackpudding.bat
          Command switches used :: /killall
          AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\V2T10.tmp
          C:\V2TB.tmp
          C:\V2TD.tmp
          C:\WINDOWS\a3kebook.ini
          C:\WINDOWS\akebook.ini
          C:\WINDOWS\ANS2000.INI
          C:\WINDOWS\system32\_005128_.tmp.dll
          C:\WINDOWS\system32\_005129_.tmp.dll
          C:\WINDOWS\system32\_005130_.tmp.dll
          C:\WINDOWS\system32\_005131_.tmp.dll
          C:\WINDOWS\system32\_005136_.tmp.dll
          C:\WINDOWS\system32\_005137_.tmp.dll
          C:\WINDOWS\system32\_005138_.tmp.dll
          C:\WINDOWS\system32\_005139_.tmp.dll
          C:\WINDOWS\system32\_005140_.tmp.dll
          C:\WINDOWS\system32\_005141_.tmp.dll
          C:\WINDOWS\system32\_005142_.tmp.dll
          C:\WINDOWS\system32\_005143_.tmp.dll
          C:\WINDOWS\system32\_005144_.tmp.dll
          C:\WINDOWS\system32\_005146_.tmp.dll
          C:\WINDOWS\system32\_005147_.tmp.dll
          C:\WINDOWS\system32\_005149_.tmp.dll
          C:\WINDOWS\system32\_005150_.tmp.dll
          C:\WINDOWS\system32\_005151_.tmp.dll
          C:\WINDOWS\system32\_005153_.tmp.dll
          C:\WINDOWS\system32\_005156_.tmp.dll
          C:\WINDOWS\system32\_005157_.tmp.dll
          C:\WINDOWS\system32\_005159_.tmp.dll
          C:\WINDOWS\system32\_005160_.tmp.dll
          C:\WINDOWS\system32\_005161_.tmp.dll
          C:\WINDOWS\system32\_005162_.tmp.dll
          C:\WINDOWS\system32\_005163_.tmp.dll
          C:\WINDOWS\system32\_005164_.tmp.dll
          C:\WINDOWS\system32\_005166_.tmp.dll
          C:\WINDOWS\system32\_005167_.tmp.dll
          C:\WINDOWS\system32\_005168_.tmp.dll
          C:\WINDOWS\system32\_005169_.tmp.dll
          C:\WINDOWS\system32\_005170_.tmp.dll
          C:\WINDOWS\system32\_005171_.tmp.dll
          C:\WINDOWS\system32\_005172_.tmp.dll
          C:\WINDOWS\system32\_005173_.tmp.dll
          C:\WINDOWS\system32\_005175_.tmp.dll
          C:\WINDOWS\system32\_005176_.tmp.dll
          C:\WINDOWS\system32\_005177_.tmp.dll
          C:\WINDOWS\system32\_005178_.tmp.dll
          C:\WINDOWS\system32\_005179_.tmp.dll
          C:\WINDOWS\system32\_005181_.tmp.dll
          C:\WINDOWS\system32\_005182_.tmp.dll
          C:\WINDOWS\system32\_005184_.tmp.dll
          C:\WINDOWS\system32\_005185_.tmp.dll
          C:\WINDOWS\system32\_005186_.tmp.dll
          C:\WINDOWS\system32\_005187_.tmp.dll
          C:\WINDOWS\system32\_005188_.tmp.dll
          C:\WINDOWS\system32\_005189_.tmp.dll
          C:\WINDOWS\system32\_005191_.tmp.dll
          C:\WINDOWS\system32\_005194_.tmp.dll
          C:\WINDOWS\system32\_005195_.tmp.dll
          C:\WINDOWS\system32\_005199_.tmp.dll
          C:\WINDOWS\system32\_005200_.tmp.dll
          C:\WINDOWS\system32\_005202_.tmp.dll
          C:\WINDOWS\system32\_005205_.tmp.dll
          C:\WINDOWS\system32\_005206_.tmp.dll
          C:\WINDOWS\system32\_005207_.tmp.dll
          C:\WINDOWS\system32\_005208_.tmp.dll
          C:\WINDOWS\system32\_005209_.tmp.dll
          C:\WINDOWS\system32\_005210_.tmp.dll
          C:\WINDOWS\system32\_005213_.tmp.dll
          C:\WINDOWS\system32\_005214_.tmp.dll
          C:\WINDOWS\system32\_005215_.tmp.dll
          C:\WINDOWS\system32\_005216_.tmp.dll
          C:\WINDOWS\system32\_005217_.tmp.dll
          C:\WINDOWS\system32\_005222_.tmp.dll
          C:\WINDOWS\system32\_005224_.tmp.dll
          C:\WINDOWS\system32\_005225_.tmp.dll
          C:\WINDOWS\system32\ReadMe.txt
          C:\WINDOWS\system32\spool\prtprocs\w32x86\Ppbiproc.dll

          .
          (((((((((((((((((((((((((   Files Created from 2010-09-04 to 2010-10-04  )))))))))))))))))))))))))))))))
          .

          2010-09-29 19:13:05 . 2010-10-04 02:57:44   --------   d-----w-   C:\Program Files\Mozilla Thunderbird
          2010-09-26 20:50:41 . 2010-09-26 20:51:39   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
          2010-09-26 20:46:02 . 2009-11-23 18:54:20   88040   ----a-w-   C:\WINDOWS\system32\drivers\PCTAppEvent.sys
          2010-09-26 20:46:02 . 2009-11-09 16:20:12   207792   ----a-w-   C:\WINDOWS\system32\drivers\PCTCore.sys
          2010-09-26 20:45:54 . 2010-01-07 17:40:26   233136   ----a-w-   C:\WINDOWS\system32\drivers\pctgntdi.sys
          2010-09-26 20:44:31 . 2010-09-26 20:46:02   --------   d-----w-   C:\Program Files\Common Files\PC Tools
          2010-09-26 20:44:31 . 2010-01-12 14:34:14   70664   ----a-w-   C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
          2010-09-26 20:44:31 . 2010-01-07 16:35:06   58816   ----a-w-   C:\WINDOWS\system32\drivers\pctNdis.sys
          2010-09-26 20:44:31 . 2010-01-07 16:35:02   32680   ----a-w-   C:\WINDOWS\system32\drivers\pctNdis-DNS.sys
          2010-09-26 20:44:28 . 2010-01-13 13:59:28   115216   ----a-w-   C:\WINDOWS\system32\drivers\pctplfw.sys
          2010-09-26 20:44:25 . 2010-09-28 03:24:55   --------   d-----w-   C:\Program Files\PC Tools Firewall Plus
          2010-09-26 09:53:45 . 2010-09-26 09:54:04   --------   d-----w-   C:\Program Files\CCleaner
          2010-09-26 01:14:05 . 2010-09-25 19:55:24   1129120   ----a-w-   C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
          2010-09-25 15:43:30 . 2010-09-25 15:43:31   262144   ----a-w-   C:\Documents and Settings\ntuser.dat
          2010-09-25 15:42:24 . 2010-09-25 15:42:27   --------   d-----w-   C:\Program Files\STOPzilla!
          2010-09-25 15:42:23 . 2010-10-04 05:00:12   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\STOPzilla!
          2010-09-25 15:42:23 . 2010-09-25 15:42:23   --------   d-----w-   C:\Program Files\Common Files\iS3
          2010-09-25 05:00:27 . 2010-09-25 05:00:36   --------   d-----w-   C:\671feffc3b70b88a397bd6f620fbac40
          2010-09-24 16:25:08 . 2010-09-25 19:46:42   --------   d-----w-   C:\Program Files\UnHackMe
          2010-09-24 15:57:40 . 2010-09-24 16:26:37   2   --shatr-   C:\WINDOWS\winstart.bat
          2010-09-24 01:33:42 . 2010-09-24 01:33:42   12872   ----a-w-   C:\WINDOWS\system32\bootdelete.exe
          2010-09-24 01:26:06 . 2010-09-24 23:39:07   16968   ----a-w-   C:\WINDOWS\system32\drivers\hitmanpro35.sys
          2010-09-24 01:23:25 . 2010-09-24 01:33:40   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Hitman Pro
          2010-09-24 01:23:20 . 2010-09-24 01:23:20   --------   d-----w-   C:\Program Files\Hitman Pro 3.5
          2010-09-21 06:28:15 . 2010-09-21 06:28:15   --------   d-----w-   C:\Program Files\ESET
          2010-09-20 23:08:16 . 2010-09-20 23:08:16   546256   ----a-r-   C:\WINDOWS\system32\SZComp5.dll
          2010-09-20 23:08:16 . 2010-09-20 23:08:16   22992   ----a-r-   C:\WINDOWS\system32\SZIO5.dll
          2010-09-20 23:08:16 . 2010-09-20 23:08:16   132560   ----a-r-   C:\WINDOWS\system32\IS3HTUI5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   99792   ----a-r-   C:\WINDOWS\system32\IS3Svc5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   67024   ----a-r-   C:\WINDOWS\system32\IS3Hks5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   452048   ----a-r-   C:\WINDOWS\system32\SZBase5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   398800   ----a-r-   C:\WINDOWS\system32\IS3DBA5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   28624   ----a-r-   C:\WINDOWS\system32\IS3XDat5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   99792   ----a-r-   C:\WINDOWS\system32\IS3Inet5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   738768   ----a-r-   C:\WINDOWS\system32\IS3Base5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   390608   ----a-r-   C:\WINDOWS\system32\IS3UI5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   230864   ----a-r-   C:\WINDOWS\system32\IS3Win325.dll
          2010-09-16 00:51:20 . 2010-09-16 00:51:29   --------   d-----w-   C:\Program Files\WinPcap

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-10-04 05:02:48 . 2010-10-04 05:02:09   728   ----a-w-   C:\WINDOWS\system32\drivers\kgpcpy.cfg
          2010-10-04 05:02:24 . 2010-10-04 05:02:24   80   ----a-w-   C:\WINDOWS\system32\drivers\kgpfr2.cfg
          2010-10-04 05:01:17 . 2009-01-09 03:27:56   --------   d---a-w-   C:\Documents and Settings\All Users\Application Data\TEMP
          2010-10-01 19:35:52 . 2010-05-28 05:29:12   --------   d-----w-   C:\Program Files\MTS Accelerator
          2010-10-01 00:09:49 . 2004-02-18 20:41:08   --------   d-----w-   C:\Program Files\Java
          2010-09-27 06:45:14 . 2008-05-14 07:32:36   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
          2010-09-27 06:34:34 . 2009-10-08 18:48:28   117760   ----a-w-   C:\Documents and Settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-09-26 10:04:34 . 2010-01-19 07:37:59   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\Media Player Classic
          2010-09-24 01:33:42 . 2008-09-08 16:33:16   --------   d-----w-   C:\Program Files\ERUNT
          2010-09-22 18:59:32 . 2006-04-12 18:25:43   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\Thunderbird
          2010-09-22 01:41:43 . 2009-04-23 06:47:44   --------   d-----w-   C:\Program Files\SpywareBlaster
          2010-09-22 01:08:39 . 2002-12-18 08:10:52   --------   d-----w-   C:\Program Files\WinTV
          2010-09-22 01:00:34 . 2004-01-16 01:15:35   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2010-09-21 10:54:08 . 2008-05-21 00:21:17   --------   d-----w-   C:\Program Files\Unlocker
          2010-09-09 18:14:33 . 2008-08-20 17:51:11   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\gtk-2.0
          2010-09-04 08:34:37 . 2002-12-22 01:36:02   --------   d-----w-   C:\Program Files\AutoCAD R14
          2010-08-21 07:52:55 . 2010-08-21 07:52:55   503808   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcp71.dll
          2010-08-21 07:52:55 . 2010-08-21 07:52:55   499712   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\jmc.dll
          2010-08-21 07:52:55 . 2010-08-21 07:52:55   348160   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcr71.dll
          2010-08-21 07:48:15 . 2010-08-21 07:48:15   61440   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-sse.dll
          2010-08-21 07:48:15 . 2010-08-21 07:48:15   12800   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-d3d.dll
          2010-08-19 22:54:30 . 2010-08-19 22:54:23   --------   d-----w-   C:\Program Files\GIMP-2.0
          2010-08-17 13:17:06 . 2001-08-18 12:00:00   58880   ----a-w-   C:\WINDOWS\system32\spoolsv.exe
          2010-08-13 10:12:38 . 2010-07-29 15:43:41   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\DVD Flick
          2010-07-25 07:10:09 . 2004-02-09 09:49:22   664   ----a-w-   C:\WINDOWS\system32\d3d9caps.dat
          2010-07-24 23:52:58 . 2004-10-08 03:03:21   254632   ----a-w-   C:\Documents and Settings\Wayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2010-07-24 23:52:34 . 2010-07-24 23:52:34   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml52.tmp
          2010-07-24 23:52:34 . 2010-07-24 23:52:34   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml51.tmp
          2010-07-24 23:52:34 . 2010-07-24 23:52:15   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml50.tmp
          2010-07-24 23:52:34 . 2010-05-31 04:08:29   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml16F.tmp
          2010-07-24 23:52:34 . 2010-05-31 04:08:27   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml16E.tmp
          2010-07-22 15:49:15 . 2004-04-19 15:30:26   590848   ----a-w-   C:\WINDOWS\system32\rpcrt4.dll
          2010-07-22 05:57:20 . 2009-04-16 04:06:45   5120   ----a-w-   C:\WINDOWS\system32\xpsp4res.dll
          2010-07-19 00:48:01 . 2008-05-28 04:57:40   243024   ----a-w-   C:\WINDOWS\system32\drivers\avgtdix.sys
          2010-07-19 00:47:58 . 2010-07-19 00:47:58   12536   ----a-w-   C:\WINDOWS\system32\avgrsstx.dll
          2010-07-19 00:46:17 . 2008-05-28 04:57:39   216400   ----a-w-   C:\WINDOWS\system32\drivers\avgldx86.sys
          2010-07-17 10:00:04 . 2010-05-23 05:24:54   423656   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
          2010-07-12 18:46:00 . 2010-07-12 18:46:00   552   ----a-w-   C:\WINDOWS\system32\d3d8caps.dat
          2010-07-12 17:04:00 . 2008-09-17 21:14:37   70691   ----a-w-   C:\WINDOWS\pchealth\HELPCTR\OfflineCache\index.dat
          2001-07-07 04:47:50 . 2001-07-07 04:47:50   3149   ----a-w-   C:\Program Files\ReadMe.txt
          2001-07-06 21:59:54 . 2001-07-06 21:59:54   372736   ----a-w-   C:\Program Files\Dragnifier.exe
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   67688   ----a-w-   C:\Program Files\mozilla firefox\components\jar50.dll
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   54368   ----a-w-   C:\Program Files\mozilla firefox\components\jsd3250.dll
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   34944   ----a-w-   C:\Program Files\mozilla firefox\components\myspell.dll
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   46712   ----a-w-   C:\Program Files\mozilla firefox\components\spellchk.dll
          2008-12-21 19:43:07 . 2008-09-06 19:16:33   172136   ----a-w-   C:\Program Files\mozilla firefox\components\xpinstal.dll
          2008-04-14 00:12:01 . 2008-10-01 08:11:52   413696   --sha-w-   C:\WINDOWS\system32\SET284.tmp
          2008-04-14 10:42:02 . 2010-07-12 06:28:01   413696   --sha-w-   C:\WINDOWS\system32\SET45A.tmp
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Experience: Expert
          • OS: Windows 10
          Re: Please help, being hijacked while web surfing...
          « Reply #11 on: October 04, 2010, 04:27:02 PM »
          This is not the complete ComboFix file. Please post everything.
          Windows 8 and Windows 10 dual boot with two SSD's

          jwfilion

            Topic Starter


            Intermediate

            Re: Please help, being hijacked while web surfing...
            « Reply #12 on: October 04, 2010, 06:33:55 PM »
            Sorry, but I am a bit confused. This is all there is in the ComboFix.txt file in the "blackpudding" folder. There are other .txt files, but this is the only .txt file named ComboFix.txt, all 12.5 kbytes of it. I await your response.

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Experience: Expert
            • OS: Windows 10
            Re: Please help, being hijacked while web surfing...
            « Reply #13 on: October 05, 2010, 04:24:27 PM »
            Ok. Delete that file, run ComboFix again and see if we can get a complete log. ;D

            jwfilion

              Topic Starter


              Intermediate

              Re: Please help, being hijacked while web surfing...
              « Reply #14 on: October 05, 2010, 11:28:34 PM »
              Hey SuperDave, after a few dozen attempts at running the program, being told that I had the wrong operating system and was not the Administrator (I am!), and stalling at the DOS window, I finally got it to run. Oddly enough, it worked after I renamed the batch file "666". It seemed appropriate. Here is the log...


              ComboFix 10-10-05.01 - Wayne 10/05/2010  23:46:15.2.1 - x86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1405 [GMT -5:00]
              Running from: c:\documents and settings\Wayne\Desktop\666.bat
              AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
              .

              (((((((((((((((((((((((((   Files Created from 2010-09-06 to 2010-10-06  )))))))))))))))))))))))))))))))
              .

              2010-10-06 04:03 . 2010-10-06 04:03   --------   d-----w-   C:\ViewPro
              2010-10-05 18:22 . 2010-10-05 18:22   --------   d-----w-   c:\documents and settings\Wayne\Application Data\Foxit Software
              2010-10-05 08:07 . 2010-10-05 08:07   262144   ----a-w-   c:\documents and settings\ntuser.dat
              2010-10-04 18:15 . 2010-10-04 18:15   4100960   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
              2010-10-04 18:15 . 2010-10-04 18:15   2065760   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
              2010-10-04 18:15 . 2010-10-04 18:15   4394336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
              2010-09-29 19:13 . 2010-10-06 02:35   --------   d-----w-   c:\program files\Mozilla Thunderbird
              2010-09-26 20:50 . 2010-09-26 20:51   --------   d-----w-   c:\documents and settings\Wayne\Application Data\PCToolsFirewallPlus
              2010-09-26 20:46 . 2009-11-23 18:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
              2010-09-26 20:46 . 2009-11-09 16:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
              2010-09-26 20:45 . 2010-01-07 17:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
              2010-09-26 20:44 . 2010-09-26 20:46   --------   d-----w-   c:\program files\Common Files\PC Tools
              2010-09-26 20:44 . 2010-01-12 14:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
              2010-09-26 20:44 . 2010-01-07 16:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
              2010-09-26 20:44 . 2010-01-07 16:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
              2010-09-26 20:44 . 2010-01-13 13:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
              2010-09-26 20:44 . 2010-09-28 03:24   --------   d-----w-   c:\program files\PC Tools Firewall Plus
              2010-09-26 09:53 . 2010-09-26 09:54   --------   d-----w-   c:\program files\CCleaner
              2010-09-26 01:14 . 2010-09-25 19:55   1129120   ----a-w-   c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
              2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\STOPzilla!
              2010-09-25 15:42 . 2010-10-06 04:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
              2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\Common Files\iS3
              2010-09-25 05:00 . 2010-09-25 05:00   --------   d-----w-   C:\671feffc3b70b88a397bd6f620fbac40
              2010-09-24 16:25 . 2010-09-25 19:46   --------   d-----w-   c:\program files\UnHackMe
              2010-09-24 15:57 . 2010-09-24 16:26   2   --shatr-   c:\windows\winstart.bat
              2010-09-24 01:33 . 2010-09-24 01:33   12872   ----a-w-   c:\windows\system32\bootdelete.exe
              2010-09-24 01:26 . 2010-09-24 23:39   16968   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
              2010-09-24 01:23 . 2010-09-24 01:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
              2010-09-24 01:23 . 2010-09-24 01:23   --------   d-----w-   c:\program files\Hitman Pro 3.5
              2010-09-21 06:28 . 2010-09-21 06:28   --------   d-----w-   c:\program files\ESET
              2010-09-20 23:08 . 2010-09-20 23:08   546256   ----a-r-   c:\windows\system32\SZComp5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   22992   ----a-r-   c:\windows\system32\SZIO5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   132560   ----a-r-   c:\windows\system32\IS3HTUI5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Svc5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   67024   ----a-r-   c:\windows\system32\IS3Hks5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   452048   ----a-r-   c:\windows\system32\SZBase5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   398800   ----a-r-   c:\windows\system32\IS3DBA5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   28624   ----a-r-   c:\windows\system32\IS3XDat5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Inet5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   738768   ----a-r-   c:\windows\system32\IS3Base5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   390608   ----a-r-   c:\windows\system32\IS3UI5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   230864   ----a-r-   c:\windows\system32\IS3Win325.dll
              2010-09-16 00:51 . 2010-09-16 00:51   --------   d-----w-   c:\program files\WinPcap

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-10-06 04:56 . 2010-10-06 04:24   3000   ----a-w-   c:\windows\system32\drivers\kgpfr2.cfg
              2010-10-06 04:46 . 2010-10-06 04:21   1680   ----a-w-   c:\windows\system32\drivers\kgpcpy.cfg
              2010-10-06 04:20 . 2009-01-09 03:27   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
              2010-10-01 19:35 . 2010-05-28 05:29   --------   d-----w-   c:\program files\MTS Accelerator
              2010-10-01 00:09 . 2004-02-18 20:41   --------   d-----w-   c:\program files\Java
              2010-09-27 06:45 . 2008-05-14 07:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2010-09-27 06:34 . 2009-10-08 18:48   117760   ----a-w-   c:\documents and settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
              2010-09-26 10:04 . 2010-01-19 07:37   --------   d-----w-   c:\documents and settings\Wayne\Application Data\Media Player Classic
              2010-09-24 01:33 . 2008-09-08 16:33   --------   d-----w-   c:\program files\ERUNT
              2010-09-22 18:59 . 2006-04-12 18:25   --------   d-----w-   c:\documents and settings\Wayne\Application Data\Thunderbird
              2010-09-22 01:41 . 2009-04-23 06:47   --------   d-----w-   c:\program files\SpywareBlaster
              2010-09-22 01:08 . 2002-12-18 08:10   --------   d-----w-   c:\program files\WinTV
              2010-09-22 01:00 . 2004-01-16 01:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
              2010-09-21 10:54 . 2008-05-21 00:21   --------   d-----w-   c:\program files\Unlocker
              2010-09-09 18:14 . 2008-08-20 17:51   --------   d-----w-   c:\documents and settings\Wayne\Application Data\gtk-2.0
              2010-09-04 08:34 . 2002-12-22 01:36   --------   d-----w-   c:\program files\AutoCAD R14
              2010-08-21 07:52 . 2010-08-21 07:52   503808   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcp71.dll
              2010-08-21 07:52 . 2010-08-21 07:52   499712   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\jmc.dll
              2010-08-21 07:52 . 2010-08-21 07:52   348160   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcr71.dll
              2010-08-21 07:48 . 2010-08-21 07:48   61440   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-sse.dll
              2010-08-21 07:48 . 2010-08-21 07:48   12800   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-d3d.dll
              2010-08-19 22:54 . 2010-08-19 22:54   --------   d-----w-   c:\program files\GIMP-2.0
              2010-08-17 13:17 . 2001-08-18 12:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
              2010-08-13 10:12 . 2010-07-29 15:43   --------   d-----w-   c:\documents and settings\Wayne\Application Data\DVD Flick
              2010-07-25 07:10 . 2004-02-09 09:49   664   ----a-w-   c:\windows\system32\d3d9caps.dat
              2010-07-24 23:52 . 2004-10-08 03:03   254632   ----a-w-   c:\documents and settings\Wayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2010-07-24 23:52 . 2010-07-24 23:52   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml52.tmp
              2010-07-24 23:52 . 2010-07-24 23:52   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml51.tmp
              2010-07-24 23:52 . 2010-07-24 23:52   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml50.tmp
              2010-07-24 23:52 . 2010-05-31 04:08   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml16F.tmp
              2010-07-24 23:52 . 2010-05-31 04:08   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml16E.tmp
              2010-07-22 15:49 . 2004-04-19 15:30   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
              2010-07-22 05:57 . 2009-04-16 04:06   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
              2010-07-19 00:48 . 2008-05-28 04:57   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
              2010-07-19 00:47 . 2010-07-19 00:47   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
              2010-07-19 00:46 . 2008-05-28 04:57   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
              2010-07-17 10:00 . 2010-05-23 05:24   423656   ----a-w-   c:\windows\system32\deployJava1.dll
              2010-07-12 18:46 . 2010-07-12 18:46   552   ----a-w-   c:\windows\system32\d3d8caps.dat
              2010-07-12 17:04 . 2008-09-17 21:14   70691   ----a-w-   c:\windows\pchealth\HELPCTR\OfflineCache\index.dat
              2001-07-07 04:47 . 2001-07-07 04:47   3149   ----a-w-   c:\program files\ReadMe.txt
              2001-07-06 21:59 . 2001-07-06 21:59   372736   ----a-w-   c:\program files\Dragnifier.exe
              2008-12-21 19:43 . 2008-09-06 19:16   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
              2008-12-21 19:43 . 2008-09-06 19:16   54368   ----a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
              2008-12-21 19:43 . 2008-09-06 19:16   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
              2008-12-21 19:43 . 2008-09-06 19:16   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
              2008-12-21 19:43 . 2008-09-06 19:16   172136   ----a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
              2008-04-14 00:12 . 2008-10-01 08:11   413696   --sha-w-   c:\windows\system32\SET284.tmp
              2008-04-14 10:42 . 2010-07-12 06:28   413696   --sha-w-   c:\windows\system32\SET45A.tmp
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
              "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
              "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
              "VTPreset"="VTPreset.exe" [2004-02-25 45056]
              "BtcMaestro"="c:\program files\KMaestro\KMaestro.exe" [2004-05-05 237568]
              "EssSpkPhone"="essspk.exe" [2002-05-31 167936]
              "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
              "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
              "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
              "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-05-20 86016]
              "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056]
              "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
              Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-19 805392]
              Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-10-08 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
              2010-07-19 00:47   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
              2008-05-02 08:42   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
              @=""

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk]
              backup=c:\windows\pss\Cloudmark SpamNet for OE.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk]
              backup=c:\windows\pss\dpcstart.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk]
              backup=c:\windows\pss\ClickTray Calendar.lnkStartup
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Popup Ad Filter
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
              "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
              "c:\\WINDOWS\\system32\\mmc.exe"=
              "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
              "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
              "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
              "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
              "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
              "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
              "c:\\Program Files\\Opera\\opera.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
              "AllowInboundEchoRequest"= 1 (0x1)

              R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
              R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
              R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 11:57 PM 216400]
              R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2008 11:57 PM 243024]
              R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/26/2010 3:45 PM 233136]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67656]
              R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/18/2010 7:46 PM 921440]
              R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/18/2010 7:47 PM 308136]
              R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/29/2010 8:14 PM 20072]
              R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/26/2010 3:46 PM 88040]
              R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [5/30/2008 1:31 PM 98488]
              R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
              R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/26/2010 3:44 PM 70664]
              R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/26/2010 3:44 PM 58816]
              R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/26/2010 3:44 PM 115216]
              S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
              S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
              S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
              S3 nuvaudio;Hauppauge WinTV USB Pro Audio Service;c:\windows\system32\DRIVERS\nuvaudio.sys --> c:\windows\system32\DRIVERS\nuvaudio.sys [?]
              S3 NuVision;Hauppauge WinTV USB Live Pro;c:\windows\system32\drivers\Nuvision.sys [12/19/2002 3:56 PM 260144]
              S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872]
              S3 USBNDIS;%USBNDIS.Service.DispName%;c:\windows\system32\DRIVERS\usbndis.sys --> c:\windows\system32\DRIVERS\usbndis.sys [?]
              S4 DPCUSB;Satellite Receiver USB Driver;c:\windows\system32\Drivers\DPCUSB.sys --> c:\windows\system32\Drivers\DPCUSB.sys [?]
              .
              Contents of the 'Scheduled Tasks' folder

              2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.canoe.ca/
              uInternet Settings,ProxyOverride = <local>
              IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
              DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
              FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\
              FF - prefs.js: browser.search.selectedEngine - www.google-feed.net
              FF - prefs.js: browser.startup.homepage - hxxp://en.canoe.ca/home.html
              FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
              FF - component: c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]\components\PACMozComponent.dll
              FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
              .
              - - - - ORPHANS REMOVED - - - -

              WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
              AddRemove-GSpot - c:\program files\GSpot\Uninstall.exe


              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}*]
              "WE6X3HNHJXRI2CPMH2OUMP32VF1"=hex:01,00,01,00,00,00,00,00,6d,db,9e,e2,89,b8,a5,
                 65,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(700)
              c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
              c:\program files\common files\logishrd\bluetooth\LBTServ.dll

              - - - - - - - > 'explorer.exe'(236)
              c:\windows\system32\WININET.dll
              c:\program files\Logitech\SetPoint\lgscroll.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              Completion time: 2010-10-06  00:02:41
              ComboFix-quarantined-files.txt  2010-10-06 05:02

              Pre-Run: 265,712,398,336 bytes free
              Post-Run: 265,705,082,880 bytes free

              - - End Of File - - 6308A0289D7F412A0E85994AA668FC77