
[Resolved] Random Redirect - all pages, all browser

Spyware, Adware, Viruses and HijackThis Logs
#1
24-09-2009, 10:47 AM
3aiceB (D-A-L Newbie)
Join Date: Sep 2009
Posts: 15
[Resolved] Random Redirect - all pages, all browser

Hi geniuses!

For almost three weeks my computer has been almost totally useless for the internet, except Skype.

The problem is that when I try to open any page, it starts loading, and almost when finished it redirects me to another site, in most cases with a name starting with ad.yieldmanager or searchinvited.com followed by letters and numbers.

The interesting thing is that it does it both if I type the address directly or go there via Google search. Anyhow, when I click "cached" in Google search, the page loads normally with no redirects.

Often it also gives me "Error loading page, contact system administrator" (although I open the same page fine on a nearby PC).

Problem persists for: Opera, Firefox, Internet Explorer, Google Chrome, Safari.
Already tried running the following: AVG antivirus, Avast antivirus, SUPERAntiSpyware, MBAM, and some others I have already uninstalled.

I also installed ZoneAlarm in order to monitor activity. I thought it may have been a separate program accessing the internet and messing things up, but no result.

I really need help before I start deleting anything (I've already seen some people with the same issue), as I am afraid of messing up; I really need the info here.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:28 PM, on 9/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [System] C:\kernelcheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System] C:\kernelcheck.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Helper] wsctnfy.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [System Sound] C:\DOCUME~1\KIRIL~1.ADM\LOCALS~1\Temp\\sysfnx.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Услуга Google Update (gupdate1c9dea7f64c7dc) (gupdate1c9dea7f64c7dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: noytcyr - Unknown owner - C:\WINDOWS\system32\noytcyr.exe (file missing)
O23 - Service: perfs - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: roytctm - Unknown owner - C:\WINDOWS\system32\roytctm.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: soxpeca - Unknown owner - C:\WINDOWS\system32\soxpeca.exe (file missing)
O23 - Service: tdydowkc - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WindowsMgr (winvnc) - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O23 - Service: wsldoekd - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe (file missing)

--
End of file - 11441 bytes



Help would be very appreciated!
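A triage pass over the autostart (O4) and service (O23) lines of a log like the one above, as an added example that is not part of the original post and not code from HijackThis itself. The sample lines are copied from the posted log; the checks are the ones a helper applies by eye when reading it: an executable sitting directly in the drive root (`C:\kernelcheck.exe`), a launcher in a Temp directory, the rarely legitimate `Policies\Explorer\Run` key, a bare file name that is a look-alike of a Windows binary (`wsctnfy.exe` vs the real `wscntfy.exe`), a system-binary name loaded from outside system32 (`C:\WINDOWS\SVCHOST.EXE`), and orphaned "Unknown owner ... (file missing)" services. The `KNOWN_SYSTEM_BINARIES` list, the `SUSPECT_DIRS` tuple and the edit-distance threshold of 2 are this example's own assumptions, not anything HijackThis defines.

```python
"""Triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example, not code from the forum post or from HijackThis itself.  The
sample lines are copied from the log posted above; the heuristics are the
ones a helper applies by eye.  KNOWN_SYSTEM_BINARIES, SUSPECT_DIRS and the
edit-distance threshold are this example's assumptions.
"""
import os
import re

# Constructed sample: O4/O23/O10 lines taken from the HijackThis log above,
# legitimate entries (igfxtray, ctfmon, SkyTel, avast) mixed with the bad ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [System] C:\kernelcheck.exe
O4 - HKCU\..\Run: [System] C:\kernelcheck.exe
O4 - HKCU\..\Run: [Windows Helper] wsctnfy.exe
O4 - HKLM\..\Policies\Explorer\Run: [System Sound] C:\DOCUME~1\KIRIL~1.ADM\LOCALS~1\Temp\\sysfnx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: noytcyr - Unknown owner - C:\WINDOWS\system32\noytcyr.exe (file missing)
O23 - Service: WindowsMgr (winvnc) - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# Windows binaries that malware likes to impersonate.  A near-miss of one of
# these ("wsctnfy.exe" vs "wscntfy.exe"), or the exact name loaded from outside
# system32 ("C:\WINDOWS\SVCHOST.EXE"), is a red flag.  Assumed list.
KNOWN_SYSTEM_BINARIES = sorted({
    "wscntfy.exe", "ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "explorer.exe", "spoolsv.exe", "services.exe", "smss.exe",
})

# Directories from which legitimate autostart programs essentially never run.
SUSPECT_DIRS = ("\\temp\\", "\\recycler\\", "\\recycled\\")

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.*)$")


def levenshtein(a, b):
    """Plain edit distance; inputs are file names, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_executable(cmd):
    """The program a Run value or service launches, without arguments, quotes
    or HijackThis' own '(file missing)' annotation."""
    m = re.search(r'[^"]*?\.(?:exe|com|scr|dll|bat)\b', cmd, re.IGNORECASE)
    return (m.group(0) if m else cmd).strip()


def check_binary(path):
    """Checks shared by autostarts and services: where the file lives, and
    whether its name is (or imitates) a Windows system binary."""
    reasons = []
    low = path.lower()
    slashed = low.replace("\\", "/")
    base, directory = os.path.basename(slashed), os.path.dirname(slashed)
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("runs from a temp/recycler directory")
    if re.match(r"^[a-z]:/[^/]+$", slashed):
        reasons.append("executable sits directly in the drive root")
    if base in KNOWN_SYSTEM_BINARIES:
        if not directory.endswith("/system32"):
            reasons.append(f"{base} loaded from outside system32 ({path})")
    else:
        for known in KNOWN_SYSTEM_BINARIES:
            if levenshtein(base, known) <= 2:
                reasons.append(f"{base} is a look-alike of {known}")
                break
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every O4/O23 line that trips a check."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        reasons = []
        if (m := O4_RE.match(line)):
            if "policies\\explorer\\run" in m["key"].lower():
                reasons.append("Policies\\Explorer\\Run is a rarely legitimate autostart key")
            reasons += check_binary(first_executable(m["cmd"]))
        elif (m := O23_RE.match(line)):
            if "(file missing)" in m["path"] and m["owner"] == "Unknown owner":
                reasons.append("service binary missing and no publisher (orphaned service)")
            reasons += check_binary(first_executable(m["path"]))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run as a script it prints the six flagged lines from the sample (both `kernelcheck.exe` entries, `wsctnfy.exe`, the Temp launcher under `Policies\Explorer\Run`, and the two orphaned services) and stays silent on igfxtray, ctfmon, SkyTel and avast. The look-alike check is deliberately loose (edit distance 2 on the file name), so treat a hit as something to look up rather than as proof; the real `wscntfy.exe` in the running-process list lives in system32, while the Run value above launches a bare `wsctnfy.exe` that Windows resolves through the search path.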
#2
25-09-2009, 01:04 AM
broni (Senior Member)
Join Date: Nov 2004
Posts: 2,272
re: [Resolved] Random Redirect - all pages, all browser

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running ComboFix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with ComboFix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
#3
25-09-2009, 09:34 AM
3aiceB (D-A-L Newbie)
Join Date: Sep 2009
Posts: 15
re: [Resolved] Random Redirect - all pages, all browser

Hello! Thank you for the reply.

For about 30 minutes I've been trying to open the page of the forum. It opens the main forum frame, but when logging in to my post, it continues redirecting. I've got five PCs on a network, and since this morning all started redirecting to stupid searchinvented.com sites.

I've finally managed to log in by disabling JavaScript on another machine (from Mozilla).

The interesting thing is that it loads a random page; on the upper part of the site it is written "this domain has expired on 25 September 12.44", and the page is always the same, with a different site name (exploited.com or bleepingcomputer.com when I tried downloading ComboFix).

On other machines it even says "Error. Could not connect. Please contact your administrator if the problem persists".
All this after running ComboFix.

Anyhow, here are the HijackThis log and ComboFix log:

ComboFix 09-09-23.02 - kiril 09/25/2009 10:51.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1015.384 [GMT 2:00]
Running from: c:\documents and settings\kiril.ADMIN1\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090923-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kiril.ADMIN1\Favorites\Download programs.url
c:\documents and settings\kiril.ADMIN1\Favorites\Games.url
c:\documents and settings\kiril.ADMIN1\Favorites\Translator.url
c:\documents and settings\kiril.ADMIN1\Favorites\Videos.url
c:\documents and settings\kiril.ADMIN1\Start Menu\Programs\Download programs.url
c:\documents and settings\kiril.ADMIN1\Start Menu\Programs\Games.url
c:\documents and settings\kiril.ADMIN1\Start Menu\Programs\Translator.url
c:\documents and settings\kiril.ADMIN1\Start Menu\Programs\Videos.url
c:\recycled\Recycled
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\9g234sdfdfgjf23
c:\windows\Install.txt
c:\windows\Installer\3cfa3a.msi
c:\windows\system32\ibfs32.dll
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\uptodate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_MSNCACHE
-------\Legacy_NOYTCYR
-------\Legacy_NWCWORKSTATION
-------\Legacy_PERFS
-------\Legacy_ROYTCTM
-------\Legacy_SOPIDKC
-------\Legacy_SOXPECA
-------\Legacy_TDCTXTE
-------\Legacy_TDYDOWKC
-------\Legacy_WINDOWSSERVICE
-------\Legacy_WSLDOEKD
-------\Service_noytcyr
-------\Service_NWCWorkstation
-------\Service_perfs
-------\Service_roytctm
-------\Service_soxpeca
-------\Service_tdydowkc
-------\Service_wsldoekd


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-18 12:41 . 2009-09-18 12:41 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\AVG Security Toolbar
2009-09-18 12:16 . 2009-09-18 12:16 -------- d-----w- c:\program files\AskBarDis
2009-09-18 12:15 . 2009-02-15 21:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-18 12:15 . 2009-02-15 21:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-18 12:15 . 2009-02-15 21:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-09-18 12:15 . 2009-09-18 12:16 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-18 12:15 . 2009-09-18 12:15 -------- d-----w- c:\program files\Zone Labs
2009-09-18 08:12 . 2009-09-22 15:12 -------- d-----w- C:\$AVG8.VAULT$
2009-09-18 07:59 . 2009-09-18 07:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-18 07:59 . 2009-09-18 07:59 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-18 07:59 . 2009-09-18 07:59 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-18 07:59 . 2009-09-18 07:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-18 07:58 . 2009-09-18 07:58 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-18 07:58 . 2009-09-18 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-18 07:58 . 2009-09-18 07:58 -------- d-----w- c:\program files\AVG
2009-09-18 07:58 . 2009-09-18 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-18 07:50 . 2009-09-18 07:50 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\AVG8
2009-09-16 10:02 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-16 10:01 . 2009-09-16 10:01 -------- d-----w- c:\program files\Panda Security
2009-09-16 09:36 . 2009-09-25 09:05 -------- d-sh--w- c:\documents and settings\Kiril\Temporary Internet Files
2009-09-16 08:45 . 2009-09-16 08:45 64340 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 08:20 . 2009-09-25 07:23 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-15 08:19 . 2004-04-27 01:40 11264 ----a-w- c:\windows\system32\SpOrder.dll
2009-09-15 08:18 . 2009-09-25 07:33 -------- d-----w- c:\windows\Internet Logs
2009-09-14 12:57 . 2009-09-14 12:57 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\Apple Computer
2009-09-14 12:57 . 2009-09-14 12:57 -------- d-----w- c:\program files\Safari
2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Apple
2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\program files\Apple Software Update
2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-07 08:38 . 2009-09-07 08:38 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\Bullzip
2009-09-07 08:36 . 2008-10-30 20:15 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2009-09-07 08:36 . 2008-07-09 21:19 103424 ----a-w- c:\windows\system32\bzDCT.dll
2009-09-07 08:36 . 2008-09-26 17:44 126976 ----a-w- c:\windows\system32\bzpdfc.dll
2009-09-07 08:36 . 2009-04-22 16:53 194560 ----a-w- c:\windows\system32\bzpdf.dll
2009-09-07 08:36 . 2009-09-07 08:36 -------- d-----w- c:\program files\Bullzip
2009-08-31 06:33 . 2009-08-31 06:33 -------- d-----w- c:\program files\Trend Micro
2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-26 15:00 . 2009-08-26 15:00 -------- d-----w- c:\program files\NortonInstaller
2009-08-26 15:00 . 2009-08-26 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 09:06 . 2008-10-03 14:06 -------- d-----w- c:\program files\eMule
2009-09-25 08:47 . 2007-10-10 16:24 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\Skype
2009-09-25 07:43 . 2008-03-28 10:34 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\skypePM
2009-09-17 12:30 . 2008-11-03 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-09-17 10:06 . 2007-10-10 16:32 9320 ----a-w- c:\windows\hh.dat
2009-09-16 15:03 . 2009-03-04 13:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-14 12:33 . 2008-11-26 11:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-14 12:33 . 2008-11-26 11:06 -------- d-----w- c:\program files\AVS4YOU
2009-08-26 15:01 . 2009-03-04 13:19 -------- d-----w- c:\program files\Norton Security Scan
2009-08-24 10:44 . 2007-10-10 14:05 82608 ----a-w- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 06:40 . 2009-08-06 09:15 -------- d-----w- c:\program files\Lavalys
2009-08-17 16:10 . 2009-05-26 09:40 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-05-26 09:40 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-05-26 09:40 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-05-26 09:40 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-26 09:40 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-05-26 09:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-26 09:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-05-26 09:41 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-05-26 09:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-10 07:29 . 2009-06-26 07:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-07 09:07 . 2009-08-06 13:32 -------- d-----w- c:\program files\ZAR
2009-08-07 09:06 . 2009-08-06 08:49 -------- d-----w- c:\program files\DiskInternals
2009-08-07 06:53 . 2008-11-05 15:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-07 06:35 . 2007-10-09 16:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 11:14 . 2009-08-06 08:54 -------- d-----w- c:\program files\PTDD Group
2009-08-06 10:37 . 2009-08-06 10:04 -------- d-----w- c:\program files\Runtime Software
2009-08-05 09:11 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 20:43 . 2007-10-09 15:02 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2001-08-23 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 09:04 . 2009-07-03 09:04 552 ----a-w- c:\windows\system32\d3d8caps.dat
2007-05-07 13:58 . 2007-05-07 13:58 77824 --sh--w- c:\windows\VNCHooks.dll
2009-05-27 10:46 . 2009-05-19 05:50 1560608 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-27 10:46 . 2009-05-19 05:50 75552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 15:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 06:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2005-02-03 2903632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-29 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-03 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-18 2007832]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2007-10-9 95232]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-18 07:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Wmi"=3 (0x3)
"SolidWorks Licensing Service"=3 (0x3)
"SCardSvr"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NtmsSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Capture Device Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\kiril.ADMIN1\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
"7070:TCP"= 7070:TCP:*isabled:nfr

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/16/2009 12:02 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/26/2009 11:40 AM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/18/2009 9:59 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/18/2009 9:59 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/18/2009 2:16 PM 464264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/26/2009 11:40 AM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/18/2009 9:58 AM 297752]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [10/3/2008 4:36 PM 67712]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/23/2001 2:00 PM 14336]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [8/22/2006 1:00 AM 316992]
S2 gupdate1c9dea7f64c7dc;Услуга Google Update (gupdate1c9dea7f64c7dc);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 10:42 AM 133104]
S2 KEILUL;Keil ULINK SERVICE (keilul.sys);c:\windows\system32\drivers\keilul.sys [7/24/2008 10:28 AM 35306]
S2 USBBC;USB DataLink Cable (Windows 2000);c:\windows\system32\USBBC20.sys [10/10/2007 11:58 AM 14228]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 7408]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\VNic.sys [10/10/2007 3:09 PM 57516]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-21 07:56]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 08:42]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 08:42]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1957994488-839522115-1010Core.job
- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 12:20]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1957994488-839522115-1010UA.job
- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 12:20]

2009-09-16 c:\windows\Tasks\Norton Security Scan for kiril.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-26 09:21]

2009-09-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 20:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\kiril.ADMIN1\Application Data\Mozilla\Firefox\Profiles\8ez2s9cp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?stype=first&clid=36251&yasoft=barff&text=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.21115.0.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-Windows Helper - wsctnfy.exe



************************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-25 11:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp]
@DACL=(02 0000)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp.1]
@DACL=(02 0000)
@="FlashProp Class"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
************************************************************************************
.
Completion time: 2009-09-25 11:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 09:11

Pre-Run: 37,222,809,600 bytes free
Post-Run: 40,591,138,816 bytes free

334 --- E O F --- 2009-08-24 06:20





-------------------------------------------------------------------------------------------
HIJACKTHIS:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:43 AM, on 9/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Услуга Google Update (gupdate1c9dea7f64c7dc) (gupdate1c9dea7f64c7dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WindowsMgr (winvnc) - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)

--
End of file - 10086 bytes


  #4 (permalink)  
Old 26-09-2009, 12:59 AM
broni
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
re: [Resolved] Random Redirect - all pages, all browser

You're running two antivirus programs, Avast and AVG.
One of them has to go.
It's your choice...
AVG Antivirus Remover utility
or...
avast! uninstall utility

=============================================================

Combofix says:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Make sure, on next Combofix run, you'll allow Recovery Console installation.

==============================================================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe
c:\windows\Tasks\Norton Security Scan for kiril.job


Folder::
c:\program files\Panda Security
c:\documents and settings\All Users\Application Data\Symantec
c:\program files\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\program files\Common Files\Symantec Shared
c:\program files\Norton Security Scan


Driver::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]

RegLockDel::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
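The CFScript above removes what the helper picked out of the ComboFix log by eye: an Active Setup "Installed Components" key whose CLSID is not even valid hex and whose stub path lives under c:\recycler, plus the leftover Norton and Panda remnants. As an added example that is not part of this thread and is not ComboFix or HijackThis logic, the Python script below automates that kind of first-pass triage. The indicator list is this example's own assumption: GUID-shaped keys that are not hexadecimal, autostart targets under recycler or temp directories, HijackThis O23 services with a missing file or unknown owner, executables named one typo away from a Windows system binary (the orphaned HKCU Run entry wsctnfy.exe versus the genuine wscntfy.exe process in the log), and EnableFirewall=0 in the standard profile. The sample log is constructed from lines that appear in this thread.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example).

Not part of the thread and not ComboFix or HijackThis logic: the indicator
heuristics are assumptions chosen to match the entries flagged above.
"""
import re
from difflib import SequenceMatcher

# A well-formed CLSID is 8-4-4-4-12 hexadecimal digits. The rogue Active Setup
# key in the log contains the letter 'X', which no real CLSID can contain.
HEX_GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
)
# Anything GUID-shaped, hex or not, so malformed ones can be caught.
ANY_GUID_RE = re.compile(
    r"\{[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}\}"
)

# Legitimate Windows binaries whose names malware imitates (assumed list).
KNOWN_SYSTEM_EXES = ["wscntfy.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"]

# Directories a legitimate autostart or service target should never live in.
BAD_DIRS = ("\\recycler\\", "\\temp\\", "\\local settings\\temporary internet files\\")

# Constructed from entries in this thread's ComboFix and HijackThis output.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe
"EnableFirewall"= 0 (0x0)
HKCU-Run-Windows Helper - wsctnfy.exe
O23 - Service: WindowsMgr (winvnc) - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def is_lookalike(exe_name, known=KNOWN_SYSTEM_EXES):
    """True if exe_name resembles, but is not, a known system binary."""
    exe_name = exe_name.lower()
    if exe_name in known:
        return False
    # 0.85 is an assumed threshold: one transposed or substituted character
    # in an 11-character name scores about 0.9, unrelated names far lower.
    return any(SequenceMatcher(None, exe_name, k).ratio() >= 0.85 for k in known)


def triage(log_text):
    """Return (indicator, line) pairs for every suspicious line in the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # 1. CLSID-keyed entries (Active Setup, BHOs, ...) whose GUID is not hex.
        if any(HEX_GUID_RE.fullmatch(g) is None for g in ANY_GUID_RE.findall(line)):
            findings.append(("malformed-guid", line))
        # 2. Targets living in the Recycle Bin or a temp directory.
        if any(d in low for d in BAD_DIRS):
            findings.append(("suspicious-path", line))
        # 3. HijackThis O23 services with no file on disk or no vendor name.
        if low.startswith("o23") and ("(file missing)" in low or "unknown owner" in low):
            findings.append(("service-missing-or-unknown", line))
        # 4. Executables named one typo away from a Windows system binary.
        if any(is_lookalike(e) for e in re.findall(r"[\w.-]+\.exe", low)):
            findings.append(("lookalike-binary", line))
        # 5. Windows Firewall switched off in the standard profile.
        if low.startswith('"enablefirewall"') and "= 0" in low:
            findings.append(("firewall-disabled", line))
    return findings


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {line}")
```

Run against the sample it reports exactly the five entries the helper acted on or should act on next, and nothing for the valid Microsoft Active Setup entry or the avast! service. The lookalike check is deliberately fuzzy rather than an exact denylist because the names malware picks (wsctnfy, svch0st, lsas) change from sample to sample while the binaries they imitate do not.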
  #5 (permalink)  
Old 28-09-2009, 07:22 AM
Newbie
D-A-L Newbie
 
Join Date: Sep 2009
Posts: 15
3aiceB Is a beginner here at D-A-L
re: [Resolved] Random Redirect - all pages, all browser

Avast gone.
Problem still persists, at full power. Almost no page is loadable. Now the difference is that apart from redirecting the page itself, it also opens pop-ups (tried Mozilla).

ComboFix did not ask me to install any Recovery Console, neither this time nor the previous one. In case it is fatal, please explain to me where to enable or install it.

here Combofix:

ComboFix 09-09-25.01 - kiril 09/28/2009 9:00.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1015.523 [GMT 2:00]
Running from: c:\documents and settings\kiril.ADMIN1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kiril.ADMIN1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe"
"c:\windows\Tasks\Norton Security Scan for kiril.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\08-26-2009-18h00m59s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\08-26-2009-18h00m59s\NortonInstall-08-26-2009-18h00m59s.log
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\symdata.xml
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\ERASER.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\ERASER.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\ERASER.SPM
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\ERASER.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\HH
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TINF.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TINFL.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\V.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\V.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20090916.003\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\catalog.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.SPM
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\HH
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ncsacert.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\scrauth.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\technote.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TINF.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinfidx.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TINFL.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\V.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\V.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\zdone.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\definfo.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\umcat_01.db
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\usage.dat
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\BilBDRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\{407D1C08-B366-4aca-92FB-E04E97F6681D}.dat
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\BilBDRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ccL80U.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ccScanw.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ccVrTrst.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\dec_abi.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\DefUtDCD.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\diLueCbk.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ecmldr32.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\HeartBt.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\help.htm
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Microsoft.VC80.CRT.manifest
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\msl.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\msvcp80.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\msvcr80.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\NssCFA.exe
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\patch25d.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\PrdDtRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SAUpdt.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ScanCore.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ScanRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SKUCfg.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SKURes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SymHTML.dll
c:\program files\Norton Security Scan\Norton Security Scan\isolate.ini
c:\program files\NortonInstaller
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\09\01\InstUI.loc
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\ccL80U.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\ccSet.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\Engine.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\extract.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\fallback.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\finalzed.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\Install.mft
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstUI.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\layout.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\Lue.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\ProdCbk.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\SKUCfg.dll
c:\program files\Panda Security
c:\program files\Panda Security\ActiveScan 2.0\apicr.dll
c:\program files\Panda Security\ActiveScan 2.0\as2auditor.dll
c:\program files\Panda Security\ActiveScan 2.0\as2data.dll
c:\program files\Panda Security\ActiveScan 2.0\as2guiie.dll
c:\program files\Panda Security\ActiveScan 2.0\as2inst.dll
c:\program files\Panda Security\ActiveScan 2.0\as2scanner.dll
c:\program files\Panda Security\ActiveScan 2.0\as2stubie.dll
c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe
c:\program files\Panda Security\ActiveScan 2.0\asmdat.dll
c:\program files\Panda Security\ActiveScan 2.0\avdetect.ini
c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2KRN_DATA
c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM
c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM2
c:\program files\Panda Security\ActiveScan 2.0\firewalldetect.ini
c:\program files\Panda Security\ActiveScan 2.0\kreexent.dll
c:\program files\Panda Security\ActiveScan 2.0\libcomm.dll
c:\program files\Panda Security\ActiveScan 2.0\libxml2.dll
c:\program files\Panda Security\ActiveScan 2.0\mapvfile.dll
c:\program files\Panda Security\ActiveScan 2.0\memvfile.dll
c:\program files\Panda Security\ActiveScan 2.0\minicrypto.dll
c:\program files\Panda Security\ActiveScan 2.0\msvcr71.dll
c:\program files\Panda Security\ActiveScan 2.0\nanocache.fil2
c:\program files\Panda Security\ActiveScan 2.0\npwrapper.dll
c:\program files\Panda Security\ActiveScan 2.0\pav.sig
c:\program files\Panda Security\ActiveScan 2.0\pavboot.sys
c:\program files\Panda Security\ActiveScan 2.0\pavboot64.sys
c:\program files\Panda Security\ActiveScan 2.0\pavexcom.dll
c:\program files\Panda Security\ActiveScan 2.0\pavoe.dll
c:\program files\Panda Security\ActiveScan 2.0\pavsddl.dll
c:\program files\Panda Security\ActiveScan 2.0\pavvt.dll
c:\program files\Panda Security\ActiveScan 2.0\pavvts.dat
c:\program files\Panda Security\ActiveScan 2.0\pskads.dll
c:\program files\Panda Security\ActiveScan 2.0\pskahk.dll
c:\program files\Panda Security\ActiveScan 2.0\pskalloc.dll
c:\program files\Panda Security\ActiveScan 2.0\pskas.dll
c:\program files\Panda Security\ActiveScan 2.0\pskavs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskcmp.dll
c:\program files\Panda Security\ActiveScan 2.0\pskfss.dll
c:\program files\Panda Security\ActiveScan 2.0\pskhtml.dll
c:\program files\Panda Security\ActiveScan 2.0\pskmdfs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskmfs.dll
c:\program files\Panda Security\ActiveScan 2.0\psknc.dll
c:\program files\Panda Security\ActiveScan 2.0\pskpack.dll
c:\program files\Panda Security\ActiveScan 2.0\pskqhs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskscs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskutil.dll
c:\program files\Panda Security\ActiveScan 2.0\pskvfile.dll
c:\program files\Panda Security\ActiveScan 2.0\pskvfs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskvm.dll
c:\program files\Panda Security\ActiveScan 2.0\psnden.dll
c:\program files\Panda Security\ActiveScan 2.0\psndsk.dll
c:\program files\Panda Security\ActiveScan 2.0\psnengav.dll
c:\program files\Panda Security\ActiveScan 2.0\psnengav.nsc
c:\program files\Panda Security\ActiveScan 2.0\psnfc.dll
c:\program files\Panda Security\ActiveScan 2.0\psnglkntex.dll
c:\program files\Panda Security\ActiveScan 2.0\psnhsh.dll
c:\program files\Panda Security\ActiveScan 2.0\psnkrnl.dll
c:\program files\Panda Security\ActiveScan 2.0\psnxprs.dll
c:\program files\Panda Security\ActiveScan 2.0\psqmgr.dll
c:\program files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF
c:\program files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF.ext
c:\program files\Panda Security\ActiveScan 2.0\psqstore\PSQ.CFG
c:\program files\Panda Security\ActiveScan 2.0\pssarf.dll
c:\program files\Panda Security\ActiveScan 2.0\psscan.dll
c:\program files\Panda Security\ActiveScan 2.0\psscoms.dll
c:\program files\Panda Security\ActiveScan 2.0\psscpu.dll
c:\program files\Panda Security\ActiveScan 2.0\pssdet.dll
c:\program files\Panda Security\ActiveScan 2.0\psspa.dll
c:\program files\Panda Security\ActiveScan 2.0\pssqem.dll
c:\program files\Panda Security\ActiveScan 2.0\pssuts.dll
c:\program files\Panda Security\ActiveScan 2.0\pssyschk.dll
c:\program files\Panda Security\ActiveScan 2.0\putczip.dll
c:\program files\Panda Security\ActiveScan 2.0\rkpavproc.sys
c:\program files\Panda Security\ActiveScan 2.0\rkpavproc64.sys
c:\program files\Panda Security\ActiveScan 2.0\scremlsp.exe
c:\program files\Panda Security\ActiveScan 2.0\vplatdis.dll
c:\program files\Panda Security\ActiveScan 2.0\vplatprc.dll
c:\windows\Tasks\Norton Security Scan for kiril.job

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-18 12:41 . 2009-09-18 12:41 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\AVG Security Toolbar
2009-09-18 12:16 . 2009-09-18 12:16 -------- d-----w- c:\program files\AskBarDis
2009-09-18 12:15 . 2009-02-15 21:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-18 12:15 . 2009-02-15 21:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-18 12:15 . 2009-02-15 21:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-09-18 12:15 . 2009-09-18 12:16 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-18 12:15 . 2009-09-18 12:15 -------- d-----w- c:\program files\Zone Labs
2009-09-18 08:12 . 2009-09-22 15:12 -------- d-----w- C:\$AVG8.VAULT$
2009-09-18 07:59 . 2009-09-18 07:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-18 07:59 . 2009-09-18 07:59 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-18 07:59 . 2009-09-18 07:59 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-18 07:59 . 2009-09-18 07:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-18 07:58 . 2009-09-25 15:16 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-18 07:58 . 2009-09-18 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-18 07:58 . 2009-09-18 07:58 -------- d-----w- c:\program files\AVG
2009-09-18 07:58 . 2009-09-18 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-18 07:50 . 2009-09-18 07:50 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\AVG8
2009-09-16 10:02 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-16 09:36 . 2009-09-25 09:05 -------- d-sh--w- c:\documents and settings\Kiril\Temporary Internet Files
2009-09-16 08:45 . 2009-09-16 08:45 64340 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 08:20 . 2009-09-28 06:54 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-15 08:19 . 2004-04-27 01:40 11264 ----a-w- c:\windows\system32\SpOrder.dll
2009-09-15 08:18 . 2009-09-28 06:55 -------- d-----w- c:\windows\Internet Logs
2009-09-14 12:57 . 2009-09-14 12:57 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\Apple Computer
2009-09-14 12:57 . 2009-09-14 12:57 -------- d-----w- c:\program files\Safari
2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Apple
2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\program files\Apple Software Update
2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-07 08:38 . 2009-09-07 08:38 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\Bullzip
2009-09-07 08:36 . 2008-10-30 20:15 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2009-09-07 08:36 . 2008-07-09 21:19 103424 ----a-w- c:\windows\system32\bzDCT.dll
2009-09-07 08:36 . 2008-09-26 17:44 126976 ----a-w- c:\windows\system32\bzpdfc.dll
2009-09-07 08:36 . 2009-04-22 16:53 194560 ----a-w- c:\windows\system32\bzpdf.dll
2009-09-07 08:36 . 2009-09-07 08:36 -------- d-----w- c:\program files\Bullzip
2009-08-31 06:33 . 2009-08-31 06:33 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 06:54 . 2008-10-03 14:06 -------- d-----w- c:\program files\eMule
2009-09-28 06:50 . 2008-11-10 06:42 -------- d-----w- c:\program files\Alwil Software
2009-09-25 08:47 . 2007-10-10 16:24 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\Skype
2009-09-25 07:43 . 2008-03-28 10:34 -------- d-----w- c:\documents and settings\kiril.ADMIN1\Application Data\skypePM
2009-09-17 12:30 . 2008-11-03 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-09-17 10:06 . 2007-10-10 16:32 9320 ----a-w- c:\windows\hh.dat
2009-09-14 12:33 . 2008-11-26 11:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-14 12:33 . 2008-11-26 11:06 -------- d-----w- c:\program files\AVS4YOU
2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-24 10:44 . 2007-10-10 14:05 82608 ----a-w- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 06:40 . 2009-08-06 09:15 -------- d-----w- c:\program files\Lavalys
2009-08-10 07:29 . 2009-06-26 07:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-07 09:07 . 2009-08-06 13:32 -------- d-----w- c:\program files\ZAR
2009-08-07 09:06 . 2009-08-06 08:49 -------- d-----w- c:\program files\DiskInternals
2009-08-07 06:53 . 2008-11-05 15:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-07 06:35 . 2007-10-09 16:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 11:14 . 2009-08-06 08:54 -------- d-----w- c:\program files\PTDD Group
2009-08-06 10:37 . 2009-08-06 10:04 -------- d-----w- c:\program files\Runtime Software
2009-08-05 09:11 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 20:43 . 2007-10-09 15:02 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2001-08-23 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 09:04 . 2009-07-03 09:04 552 ----a-w- c:\windows\system32\d3d8caps.dat
2007-05-07 13:58 . 2007-05-07 13:58 77824 --sh--w- c:\windows\VNCHooks.dll
2009-05-27 10:46 . 2009-05-19 05:50 1560608 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-27 10:46 . 2009-05-19 05:50 75552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 15:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 06:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2005-02-03 2903632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-29 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-03 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-18 2007832]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2007-10-9 95232]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-18 07:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Wmi"=3 (0x3)
"SolidWorks Licensing Service"=3 (0x3)
"SCardSvr"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NtmsSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Capture Device Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\kiril.ADMIN1\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
"7070:TCP"= 7070:TCP:*isabled:nfr

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/16/2009 12:02 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/18/2009 9:59 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/18/2009 9:59 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/18/2009 2:16 PM 464264]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/18/2009 9:58 AM 297752]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [10/3/2008 4:36 PM 67712]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/23/2001 2:00 PM 14336]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [8/22/2006 1:00 AM 316992]
S2 gupdate1c9dea7f64c7dc;Услуга Google Update (gupdate1c9dea7f64c7dc);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 10:42 AM 133104]
S2 KEILUL;Keil ULINK SERVICE (keilul.sys);c:\windows\system32\drivers\keilul.sys [7/24/2008 10:28 AM 35306]
S2 USBBC;USB DataLink Cable (Windows 2000);c:\windows\system32\USBBC20.sys [10/10/2007 11:58 AM 14228]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 7408]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\VNic.sys [10/10/2007 3:09 PM 57516]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-21 07:56]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 08:42]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 08:42]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1957994488-839522115-1010Core.job
- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 12:20]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1957994488-839522115-1010UA.job
- c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 12:20]

2009-09-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 20:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\kiril.ADMIN1\Application Data\Mozilla\Firefox\Profiles\8ez2s9cp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?stype=first&clid=36251&yasoft=barff&text=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.21115.0.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-28 09:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ..

scanning hidden autostart entries ..

scanning hidden files ..

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1957994488-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08B8236D-F979-620D-03EA-43DE9C71BE9A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"papbknjamhaakhhndnjhiohahmfgagio"=hex:6a,61,64,65,6e,65,65,67,6b,6f,62,6a,6a,
6b,64,6d,70,64,6a,61,00,00
"oajcmljdinbmalpckiklclelabdmjh"=hex:6a,61,63,65,6e,62,6e,65,66,69,6d,70,61,6a,
6e,6f,6a,6d,6d,70,00,00

[HKEY_USERS\S-1-5-21-2052111302-1957994488-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{55534EF4-D3A2-09B7-662C-4689E6B9808C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp]
@DACL=(02 0000)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp.1]
@DACL=(02 0000)
@="FlashProp Class"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-09-28 9:11
ComboFix-quarantined-files.txt 2009-09-28 07:11
ComboFix2.txt 2009-09-25 09:11

Pre-Run: 40,627,085,312 bytes free
Post-Run: 40,545,738,752 bytes free

490 --- E O F --- 2009-08-24 06:20



Here is HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:56 AM, on 9/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\.\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\.\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\.\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\.\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\.\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\.\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\.\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\.\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\.\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\.\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\.\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\.\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\.\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\.\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\.\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\.\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\.\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\.\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\.\Run: [Google Update] "C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\.\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\.\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Услуга Google Update (gupdate1c9dea7f64c7dc) (gupdate1c9dea7f64c7dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WindowsMgr (winvnc) - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)

--
End of file - 9105 bytes
  #6 (permalink)  
Old 29-09-2009, 01:13 AM
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
re: [Resolved] Random Redirect - all pages, all browser

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.


NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


Post fresh HijackThis log as well.
__________________
My Home Page
  #7 (permalink)  
Old 02-10-2009, 08:33 AM
Newbie
D-A-L Newbie
 
Join Date: Sep 2009
Posts: 15
re: [Resolved] Random Redirect - all pages, all browser

Hello,

Sorry for the late reply, but I have been struggling for 3 days to get Dr.Web CureIt to work. It completes the quick scan and does not find anything. But when I leave it to do the complete scan, almost at the end it always encounters a problem and needs to shut down.
I have downloaded it from the site you cited. Also tried in safe mode, same result.
Here are the posts:

GOOREDFIX


GooredFix by jpshortstuff (24.09.09.1)
Log created at 10:22 on 30/09/2009 (kiril)
Firefox version 3.0.14 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [06:56 29/01/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:16 24/08/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [07:58 18/09/2009]
"avg@igeared"="C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared" [07:58 18/09/2009]

-=E.O.F=-



HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:42 AM, on 10/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kiril.ADMIN1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Услуга Google Update (gupdate1c9dea7f64c7dc) (gupdate1c9dea7f64c7dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WindowsMgr (winvnc) - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)

--
End of file - 9640 bytes


The problem persists. I open Google, search for something, and when opening the results it opens pages like the one in the attached file.

Interestingly, it starts loading the normal page, but during loading it is as if the page code changes and it redirects me.

I really do not know what it can be.
Attached image: searchinvented.jpg (49.0 KB)
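As an added example that is not part of this thread (neither the poster's nor Trend Micro's code), here is a small Python triage helper for HijackThis O2/O3/O4/O23 lines like those above. It flags the things a log reviewer checks first: "(file missing)" orphans, services with "Unknown owner", and a system-binary name such as svchost.exe living outside C:\WINDOWS\system32 (a heuristic, not a verdict). The sample lines are copied from the logs in this thread, with the forum's inserted line breaks removed.

```python
"""HijackThis v2 log triage (added example, not code from this thread or from Trend Micro).

Parses O2/O3 (BHO and toolbar), O4 (autostart) and O23 (service) lines and
returns the entries that earn a review flag. Flags are hints for a reviewer,
not proof of infection.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

SYSTEM32 = r"c:\windows\system32"
# Names that a clean Windows install only ever runs from system32.
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe", "smss.exe"}

BHO_RE = re.compile(r"^(?P<kind>O2|O3) - (?:BHO|Toolbar): (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
# First drive-rooted path ending in an executable/library extension, quoted or not;
# whatever follows (command-line switches) is ignored.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|cpl))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # "O2", "O3", "O4" or "O23"
    name: str                 # BHO/toolbar name, Run value name or service short name
    path: Optional[str]       # absolute path if one could be extracted
    owner: Optional[str] = None
    missing: bool = False     # HijackThis printed "(file missing)" after the path
    flags: List[str] = field(default_factory=list)


def _split_missing(raw: str):
    """Separate HijackThis' '(file missing)' marker from the path text."""
    marker = "(file missing)"
    if raw.endswith(marker):
        return raw[: -len(marker)].rstrip(), True
    return raw, False


def _extract_path(cmd: str) -> Optional[str]:
    m = PATH_RE.search(cmd)
    return m.group("path") if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a supported O2/O3/O4/O23 line, else None."""
    line = line.strip()
    if m := BHO_RE.match(line):
        raw, missing = _split_missing(m.group("path"))
        return Entry(m.group("kind"), m.group("name"), raw, missing=missing)
    if m := RUN_RE.match(line) or STARTUP_RE.match(line):
        raw, missing = _split_missing(m.group("cmd"))
        return Entry("O4", m.group("name"), _extract_path(raw), missing=missing)
    if m := SVC_RE.match(line):
        raw, missing = _split_missing(m.group("path"))
        name = m.group("short") or m.group("name")
        return Entry("O23", name, _extract_path(raw), m.group("owner"), missing)
    return None


def triage(lines) -> List[Entry]:
    """Parse all lines and return only the entries that earned at least one flag."""
    flagged = []
    for entry in filter(None, map(parse_line, lines)):
        if entry.missing:
            entry.flags.append("file missing")
        if entry.owner == "Unknown owner":
            entry.flags.append("unknown owner")
        if entry.path:
            base = ntpath.basename(entry.path).lower()
            folder = ntpath.dirname(entry.path).lower()
            if base in SYSTEM_NAMES and folder != SYSTEM32:
                entry.flags.append("system binary name outside system32")
        if entry.flags:
            flagged.append(entry)
    return flagged


# Sample lines copied from the logs posted in this thread (constructed subset).
SAMPLE_LOG = [
    r"O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll",
    r"O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (file missing)",
    r'O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot',
    r"O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize",
    r"O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe",
    r"O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe",
    r"O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
    r"O23 - Service: WindowsMgr (winvnc) - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<4}{e.name:<20}{(e.path or '<no path>'):<60} {', '.join(e.flags)}")
```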
  #8 (permalink)  
Old 02-10-2009, 05:06 PM
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
re: [Resolved] Random Redirect - all pages, all browser

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main text field:
    Code:
    :dir
    C:\Program Files\Mozilla Firefox\searchplugins /s
    C:\Program Files\Mozilla Firefox\components /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
__________________
My Home Page
  #9 (permalink)  
Old 05-10-2009, 08:31 AM
Newbie
D-A-L Newbie
 
Join Date: Sep 2009
Posts: 15
re: [Resolved] Random Redirect - all pages, all browser

Here is the log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 10:05 on 05/10/2009 by kiril (Administrator - Elevation successful)

========== dir ==========

C:\Program Files\Mozilla Firefox\searchplugins - Parameters: "/s"

---Files---
amazondotcom.xml --a--- 1394 bytes [08:38 17/10/2007] [07:07 06/08/2009]
answers.xml --a--- 2193 bytes [08:38 17/10/2007] [07:07 06/08/2009]
avg_igeared.xml --a--- 1489 bytes [07:58 18/09/2009] [12:41 18/09/2009]
creativecommons.xml --a--- 1534 bytes [08:38 17/10/2007] [07:07 06/08/2009]
eBay.xml --a--- 2343 bytes [08:38 17/10/2007] [07:07 06/08/2009]
google.xml --a--- 1706 bytes [08:38 17/10/2007] [07:07 06/08/2009]
wikipedia.xml --a--- 1178 bytes [07:28 21/01/2009] [07:07 06/08/2009]

No folders found.

C:\Program Files\Mozilla Firefox\components - Parameters: "/s"

---Files---
aboutRights.js --a--- 2925 bytes [07:28 21/01/2009] [07:07 06/08/2009]
aboutRobots.js --a--- 2927 bytes [07:28 21/01/2009] [07:07 06/08/2009]
browser.xpt --a--- 348861 bytes [08:38 17/10/2007] [10:00 16/09/2009]
browserdirprovider.dll --a--- 23032 bytes [07:28 21/01/2009] [10:00 16/09/2009]
brwsrcmp.dll --a--- 134648 bytes [07:28 21/01/2009] [10:00 16/09/2009]
FeedConverter.js --a--- 25339 bytes [08:38 17/10/2007] [07:07 06/08/2009]
FeedProcessor.js --a--- 66215 bytes [08:38 17/10/2007] [07:07 06/08/2009]
FeedWriter.js --a--- 49780 bytes [08:38 17/10/2007] [10:00 16/09/2009]
fuelApplication.js --a--- 38238 bytes [07:28 21/01/2009] [07:07 06/08/2009]
jsconsole-clhandler.js --a--- 1494 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsAddonRepository.js --a--- 11659 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsBadCertHandler.js --a--- 3104 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsBlocklistService.js --a--- 29984 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsBrowserContentHandler.js --a--- 33087 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsBrowserGlue.js --a--- 32409 bytes [08:38 17/10/2007] [10:00 16/09/2009]
nsContentDispatchChooser.js --a--- 5005 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsContentPrefService.js --a--- 29973 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsDefaultCLH.js --a--- 6247 bytes [08:07 19/10/2007] [07:07 06/08/2009]
nsDownloadManagerUI.js --a--- 5737 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsExtensionManager.js --a--- 333468 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsHandlerService.js --a--- 51214 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsHelperAppDlg.js --a--- 41716 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsIQTScriptablePlugin.xpt --a--- 2394 bytes [09:38 03/11/2008] [09:38 03/11/2008]
nsLivemarkService.js --a--- 36039 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsLoginInfo.js --a--- 4302 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsLoginManager.js --a--- 44047 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsLoginManagerPrompter.js --a--- 40367 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsMicrosummaryService.js --a--- 77051 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsPlacesTransactionsService.js --a--- 33805 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsPostUpdateWin.js --a--- 21420 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsProxyAutoConfig.js --a--- 13682 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsSafebrowsingApplication.js --a--- 25176 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsSearchService.js --a--- 110913 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsSearchSuggestions.js --a--- 24273 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsSessionStartup.js --a--- 11428 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsSessionStore.js --a--- 76786 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsSetDefaultBrowser.js --a--- 2854 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsSidebar.js --a--- 12513 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsTaggingService.js --a--- 9967 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsTryToClose.js --a--- 3268 bytes [07:28 21/01/2009] [07:07 06/08/2009]
nsUpdateService.js --a--- 114204 bytes [08:38 17/10/2007] [10:00 16/09/2009]
nsUrlClassifierLib.js --a--- 50600 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsUrlClassifierListManager.js --a--- 19983 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsURLFormatter.js --a--- 3097 bytes [08:38 17/10/2007] [07:07 06/08/2009]
nsWebHandlerApp.js --a--- 6920 bytes [07:28 21/01/2009] [07:07 06/08/2009]
pluginGlue.js --a--- 3142 bytes [07:28 21/01/2009] [07:07 06/08/2009]
storage-Legacy.js --a--- 49926 bytes [07:28 21/01/2009] [07:07 06/08/2009]
txEXSLTRegExFunctions.js --a--- 6667 bytes [07:28 21/01/2009] [07:07 06/08/2009]
WebContentConverter.js --a--- 34011 bytes [08:38 17/10/2007] [07:07 06/08/2009]

No folders found.

-=End Of File=-


I think we are getting closer, at least I hope so. Problem is still here.
  #10 (permalink)  
Old 06-10-2009, 02:03 AM
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
re: [Resolved] Random Redirect - all pages, all browser

Nothing suspicious there.

I believe I never asked you which browser is getting redirected.


Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!


STEP 3.
Post fresh HijackThis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
__________________
My Home Page