Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

When I Click On A Link In Firefox, Complitely Different Page Opens


  • This topic is locked This topic is locked
12 replies to this topic

#1 Vladf

Vladf

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 05 September 2008 - 12:31 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:05 AM, on 9/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Suki\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Suki\Downloads\stinger.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~2\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~2\wl_hook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~2\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8618 bytes

BC AdBot (Login to Remove)

 


#2 Vladf

Vladf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 06 September 2008 - 12:19 AM

Will anybody please check my HijackThis log !!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:05 AM, on 9/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Suki\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Suki\Downloads\stinger.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~2\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~2\wl_hook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~2\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8618 bytes



#3 Vladf

Vladf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 10 September 2008 - 03:24 AM

Seriously...in 4 days not eve 1 answer?!?!! :thumbsup:





Will anybody please check my HijackThis log !!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:05 AM, on 9/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Suki\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Suki\Downloads\stinger.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~2\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~2\wl_hook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~2\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8618 bytes



#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:54 AM

Posted 22 September 2008 - 11:02 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#5 Vladf

Vladf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 22 September 2008 - 11:58 PM

Thanks for responding back, I still have problem opening web pages...when i click on a link a page opens that has nothing to do with the link that i click on. looks like i clicked on another search engine....I have AVAST anti virus and i checked for a virus with panda & kasperski online scanner..but no luck...i have malwarebytes & ad-aware..but still nothing...so please check my log..you are my last chance.....

Thanks in advance

V

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:54 AM

Posted 23 September 2008 - 10:04 AM

Let's dig down a bit:

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#7 Vladf

Vladf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 27 September 2008 - 08:03 PM

New HijackThis and ComboFix logs...Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:02 PM, on 9/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Test\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~2\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~2\wl_hook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~2\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8406 bytes









ComboFix 08-09-27.01 - Test1 2008-09-27 20:38:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013 [GMT -4:00]
Running from: C:\Users\Test\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\ShellIcon32.dll
C:\Windows\system32\NTIBUN4.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-27 19:43 . 2008-09-27 19:42 613,940 --a------ C:\Windows\System32\oem33.inf
2008-09-27 19:42 . 2008-09-27 19:42 <DIR> d-------- C:\Program Files\Broadcom
2008-09-27 19:41 . 2008-09-27 19:41 <DIR> d-------- C:\Users\All Users\Broadcom
2008-09-27 19:41 . 2008-09-27 19:41 <DIR> d-------- C:\ProgramData\Broadcom
2008-09-25 03:46 . 2008-08-26 02:45 376,832 --a------ C:\Windows\system\BtWizard.dll
2008-09-25 03:37 . 2008-08-26 02:45 376,832 --a------ C:\Windows\System32\BtWizard.dll
2008-09-25 02:44 . 2008-09-25 02:44 <DIR> d-------- C:\Program Filest
2008-09-23 03:14 . 2008-09-23 03:14 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-23 01:46 . 2008-09-23 01:46 <DIR> d-------- C:\Users\Test\AppData\Roaming\WinPatrol
2008-09-23 01:46 . 2008-09-23 01:57 <DIR> d-------- C:\Program Files\WinPatrol
2008-09-23 00:44 . 2008-09-23 00:44 0 --a------ C:\Windows\ativpsrm.bin
2008-09-18 01:57 . 2008-09-18 01:57 <DIR> d-------- C:\Users\Test\AppData\Roaming\VSRevoGroup
2008-09-18 01:37 . 2008-09-18 01:37 <DIR> d-------- C:\Program Files\VS Revo Group
2008-09-18 01:22 . 2008-09-18 01:41 <DIR> d-------- C:\Program Files\Frameworkx
2008-09-13 00:31 . 2008-09-21 12:32 <DIR> d-------- C:\Program Files\Moo0
2008-09-10 19:06 . 2008-09-10 19:06 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-10 19:06 . 2008-09-10 19:06 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 19:06 . 2008-09-10 19:06 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 19:06 . 2008-09-10 19:06 <DIR> d-------- C:\Program Files\iTunes
2008-09-10 19:06 . 2008-09-10 19:06 <DIR> d-------- C:\Program Files\iPod
2008-09-10 19:06 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-10 19:06 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-10 19:04 . 2008-09-10 19:04 <DIR> d-------- C:\Program Files\Bonjour
2008-09-10 19:02 . 2008-09-10 19:03 <DIR> d-------- C:\Program Files\QuickTime
2008-09-10 18:58 . 2008-09-10 19:02 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-10 12:42 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 12:42 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 12:41 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 12:41 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 12:41 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 12:41 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 12:41 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 12:41 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 12:41 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 03:46 . 2008-09-16 22:11 <DIR> d-------- C:\Users\Test_2\Outlook
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 01:05 . 2008-09-05 01:05 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-09-04 22:32 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-04 22:32 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-04 22:32 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-04 22:32 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-04 22:31 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-04 22:31 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-04 22:31 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-04 22:31 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-04 22:31 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-04 11:46 . 2008-09-04 12:06 <DIR> d-------- C:\Users\All Users\Bluetooth
2008-09-04 11:46 . 2008-09-04 12:06 <DIR> d-------- C:\ProgramData\Bluetooth
2008-09-04 11:41 . 2008-09-04 12:06 32 --a------ C:\Windows\0
2008-09-04 11:41 . 2008-09-04 11:41 0 --a------ C:\Windows\System32\0
2008-09-04 01:52 . 2008-09-04 01:52 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-04 01:44 . 2008-09-04 01:44 <DIR> dr-h----- C:\MSOCache
2008-09-04 01:04 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-09-02 22:50 . 2008-09-02 22:51 <DIR> d-------- C:\Program Files\Opera
2008-09-02 22:23 . 2008-09-18 01:49 <DIR> d-------- C:\Program Files\Panda Security
2008-09-01 20:48 . 2008-06-30 17:13 242,704 --a------ C:\Windows\System32\drivers\afwcore.sys
2008-09-01 20:47 . 2008-07-11 15:41 673,920 --a------ C:\Windows\System32\drivers\SandBox.sys
2008-09-01 19:34 . 2008-09-01 19:34 <DIR> d-------- C:\Users\Test\AppData\Roaming\Malwarebytes
2008-09-01 19:34 . 2008-09-01 19:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-01 19:34 . 2008-09-01 19:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-01 19:34 . 2008-09-10 03:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 19:34 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-01 19:34 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-01 18:47 . 2008-09-01 18:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-01 15:07 . 2008-09-01 20:45 <DIR> d-------- C:\Program Files\Unlocker
2008-09-01 14:06 . 2008-09-01 23:09 <DIR> d-------- C:\Users\All Users\Remote Desktop Control 2
2008-09-01 14:06 . 2008-09-01 23:09 <DIR> d-------- C:\ProgramData\Remote Desktop Control 2
2008-09-01 01:26 . 2008-09-01 01:26 0 --a------ C:\Users\Test\SCHDLR.DAT
2008-08-31 02:55 . 2008-08-31 02:55 <DIR> d-------- C:\Program Files\Funambol
2008-08-30 06:58 . 2008-08-30 06:58 3,929,600 --a------ C:\Windows\System32\drivers\atikmdag.sys
2008-08-30 05:00 . 2008-08-30 05:00 425,984 --a------ C:\Windows\System32\ATIDEMGX.dll
2008-08-30 04:22 . 2008-08-30 04:22 3,107,788 --a------ C:\Windows\System32\atiumdva.dat
2008-08-30 04:15 . 2008-08-30 04:15 9,838,592 --a------ C:\Windows\System32\atioglxx.dll
2008-08-30 04:09 . 2008-08-30 04:09 50,688 --a------ C:\Windows\System32\amdpcom32.dll
2008-08-30 04:09 . 2008-08-30 04:09 48,640 --a------ C:\Windows\System32\atiadlxx.dll
2008-08-30 03:56 . 2008-08-30 03:56 53,248 --a------ C:\Windows\System32\drivers\ati2erec.dll
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll
2008-08-28 14:32 . 2008-09-01 20:45 <DIR> d-------- C:\Program Files\VirtualDJ
2008-08-28 13:46 . 2008-08-28 13:47 <DIR> d-------- C:\Users\Test\AppData\Roaming\ooVoo Details
2008-08-28 13:45 . 2008-09-24 16:05 <DIR> d-------- C:\Program Files\ooVoo
2008-08-28 03:12 . 2008-08-28 03:12 <DIR> d-------- C:\Users\Test_2\AppData\Roaming\EssentialPIM Pro
2008-08-28 02:04 . 2008-08-31 01:59 <DIR> d-------- C:\Users\Test\AppData\Roaming\EssentialPIM Pro
2008-08-28 01:24 . 2008-08-28 01:24 45 --a------ C:\Windows\System32\initdebug.nfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 00:37 5,022 ----a-w C:\Windows\System32\PerfStringBackup.TMP
2008-09-27 23:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 20:57 --------- d-----w C:\Users\Test\AppData\Roaming\Skype
2008-09-24 20:01 --------- d-----w C:\Users\Test\AppData\Roaming\skypePM
2008-09-21 16:35 --------- d-----w C:\Users\Test\AppData\Roaming\Yahoo!
2008-09-18 05:56 --------- d-----w C:\Program Files\Acer Inc
2008-09-13 16:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-10 16:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 07:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-09 22:06 --------- d-----w C:\Users\Test\AppData\Roaming\VSO
2008-09-05 15:51 --------- d-----w C:\Users\Test\AppData\Roaming\uTorrent
2008-09-04 05:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-03 02:14 --------- d-----w C:\Program Files\Launch Manager
2008-08-30 08:59 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-08-30 08:58 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-08-30 08:58 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-08-30 08:58 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-08-30 08:57 704,512 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-08-30 08:43 3,841,024 ----a-w C:\Windows\System32\atiumdag.dll
2008-08-30 08:22 4,654,592 ----a-w C:\Windows\System32\atiumdva.dll
2008-08-29 06:02 --------- d-----w C:\Users\Test\AppData\Roaming\OpenOffice.org2
2008-08-29 00:49 --------- d-----w C:\Users\Test\AppData\Roaming\U3
2008-08-27 03:39 --------- d-----w C:\Users\Test_2\AppData\Roaming\Talkback
2008-08-27 03:30 --------- d-----w C:\Users\Test_2\AppData\Roaming\Apple Computer
2008-08-27 00:00 --------- d-----w C:\Users\Test_2\AppData\Roaming\skypePM
2008-08-27 00:00 --------- d-----w C:\Users\Test_2\AppData\Roaming\Skype
2008-08-26 23:19 319,488 ----a-w C:\Windows\HideWin.exe
2008-08-26 21:12 --------- d-----w C:\ProgramData\Skype
2008-08-26 21:12 --------- d-----r C:\Program Files\Skype
2008-08-26 06:56 81,200 ----a-w C:\Windows\system32\drivers\btwavdt.sys
2008-08-26 06:56 79,664 ----a-w C:\Windows\system32\drivers\btwaudio.sys
2008-08-26 06:56 16,432 ----a-w C:\Windows\system32\drivers\btwrchid.sys
2008-08-26 05:55 --------- d-----w C:\Users\Test\AppData\Roaming\Prism
2008-08-21 16:31 --------- d-----w C:\Users\Test\AppData\Roaming\TomTom
2008-08-20 01:12 --------- d-----w C:\Program Files\Samsung
2008-08-17 05:35 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-12 20:21 6,265,376 ----a-w C:\Windows\RtHDVCpl.exe
2008-08-12 20:21 2,167,840 ------w C:\Windows\System32\RtkAPO.dll
2008-08-12 20:21 1,833,504 ----a-w C:\Windows\SkyTel.exe
2008-08-12 20:21 1,206,816 ----a-w C:\Windows\RtlUpd.exe
2008-08-12 20:09 2,159,384 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-08-05 13:46 --------- d-----w C:\Program Files\Common Files\Hypnotizer
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 19:42 528,384 ----a-w C:\Windows\RtlExUpd.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-21 23:48 174 --sha-w C:\Program Files\desktop.ini
2008-03-21 21:06 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-21 21:06 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-07-15 435528]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~2\op_mon.exe" [2008-07-15 1153352]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
"WinPatrol"="C:\Program Files\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~2\wl_hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-02 15:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 02:27 133104 C:\Users\Test\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 20:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-04-04 00:04 813840 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-15 01:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 16:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 03:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5CD4ECD6-E16F-4C35-B584-00BB3BF59A09}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{ADFAADB1-3FA7-4825-9D2D-654F9E0E28AA}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2645EF0E-E650-4160-AD3F-34FA982AAAB6}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9A0760FA-1CCA-439D-9B10-8ADD8E17F23B}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{838A9CF3-1A36-48F8-B9B0-0A169028D48A}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{2E3B04F0-F75B-4DB9-BFEB-8A322001F799}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{46ADB29B-2A31-423C-AAA8-41318E263DB4}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{B9069247-368F-4C2A-B480-CFD1C1EBFCFC}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{C33E3DEC-5088-4BE4-BFC3-560DA9951396}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{F236310A-061D-420E-B2BA-5C1E28E28C2E}C:\\program files\\common files\\newtech infosystems\\liveupdate\\liveupdate.exe"= UDP:C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe:LiveUpdate
"UDP Query User{3BE35A0E-7490-4F1E-847F-B7FF7BAD7A7A}C:\\program files\\common files\\newtech infosystems\\liveupdate\\liveupdate.exe"= TCP:C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe:LiveUpdate
"TCP Query User{FBFEAD61-ACAA-4073-9863-6DDE8D8F2A53}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{EA80F96F-68E6-43B3-A542-F65E949FE1F1}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{66B6DBBA-26D9-4F76-91B2-B32435BC8317}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B9C250D8-725D-4984-8603-D8409CCD988F}C:\\program files\\avant browser\\avant.exe"= UDP:C:\program files\avant browser\avant.exe:Avant Browser
"UDP Query User{94A1225A-8E29-4FDC-8C50-A415725BEBFF}C:\\program files\\avant browser\\avant.exe"= TCP:C:\program files\avant browser\avant.exe:Avant Browser
"{8E0936CB-C54E-42D2-B1AB-ED56C75FBD99}"= UDP:C:\Users\Test\AppData\Roaming\U3\000016761775553E\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"{D7BF1CA0-1A40-4E4A-B5E9-1FFDC3F6E16E}"= TCP:C:\Users\Test\AppData\Roaming\U3\000016761775553E\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"{6E0AC89E-731F-4751-93C8-D496CC8DBD22}"= UDP:C:\Users\Test\AppData\Roaming\U3\000016783775088F\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:skype
"{7995E5B5-CB42-4452-82D7-F31AC8460AF7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AFB5B7E3-82AB-4457-A81B-C20EFE79D83B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{946A00AA-C69B-44AE-A40F-8BF7165CADDD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6BABE077-852C-453C-BD50-FE733E2CDA97}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{990AC235-469C-4000-9240-D804C612E5D6}"= Disabled:UDP:443:ooVoo TCP port 443
"{0F34E55D-D72B-4BEA-932E-B00FC10AA05C}"= Disabled:TCP:443:ooVoo UDP port 443
"{CB3D9288-6EC4-406D-AC28-AF94265CB855}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{7B79904A-CE5C-43CE-A1CF-194F4153F126}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{D24FA167-EA27-416E-9836-5E65F0C71D19}"= Disabled:TCP:37675:ooVoo UDP port 37675
"{810D22C2-3E53-4AA1-83E4-11BF1E9D9BA9}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{343A45E9-C1BE-4C77-89CF-2F3A171001F4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{731D914D-59BF-47C3-AD78-559B0F99CE12}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7E38EDF7-A694-45DF-A2EF-9D82B9899333}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{60E90749-8633-4110-A110-A13E0305E7A1}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{83C8069C-1868-4258-9DE8-A43139197EB2}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{346E109F-9AA7-4001-80D3-E2AB74C01D8E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{FA732FE8-A0F1-4A31-B4FC-00A51C49FA82}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{052D9013-944D-4B11-973C-0A2F630A68F2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{898BC296-F49A-4E93-BE73-03200E7A757F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {5796368D-CE11-454C-9534-54BB5928A2F0},{346C066C-00FE-4D58-A139-1CD8E24969B4},{4AA14C3B-5547-4D1F-8EFF-C95C94A36DCE}


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {FA655EE9-A901-4381-BCD6-BDCEFE9124F1},{346C066C-00FE-4D58-A139-1CD8E24969B4},{4AA14C3B-5547-4D1F-8EFF-C95C94A36DCE}

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-06-30 28688]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-07-11 673920]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 20:51 13560]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R3 afwcore;afwcore;C:\Windows\system32\drivers\afwcore.sys [2008-06-30 242704]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-30 3929600]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 240128]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~2\acs.exe [2008-07-15 1238344]
S3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-07-11 33408]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2008-08-26 79664]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2008-08-26 81200]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2008-08-26 16432]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb1fd466-221d-11dd-8f66-000000000000}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cff602eb-6f8e-11dd-837f-000000000000}]
\shell\AutoRun\command - F:\TrueCrypt\TrueCrypt.exe /q background /e /c y /m rm /v "Test1"
\shell\dismount\command - F:\TrueCrypt\TrueCrypt.exe /q /d
\shell\start\command - F:\TrueCrypt\TrueCrypt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cff602ee-6f8e-11dd-837f-000000000000}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d08b2d3b-5862-11dd-9091-000000000000}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Acer Assist Launcher - C:\Program Files\Acer Assist\launcher.exe
MSConfigStartUp-Acer Tour Reminder - C:\Acer\AcerTour\Reminder.exe
MSConfigStartUp-eDataSecurity Loader - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\euml1yfx.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\Users\Test\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 20:43:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-27 20:45:46
ComboFix-quarantined-files.txt 2008-09-28 00:45:38

Pre-Run: 37,781,565,440 bytes free
Post-Run: 37,418,381,312 bytes free

316 --- E O F --- 2008-09-27 23:07:55



this is an example:

http://www.vistax64.com/powershell/28714-remove-service.html => the link I was trying to access

http://www.kdirectory.co.uk/results.asp?qr...;bp=it+services => the web page where i ended after clicking on the above link

Edited by Vladf, 28 September 2008 - 07:55 PM.


#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:54 AM

Posted 29 September 2008 - 07:48 AM

Not really seeing anything other than what CF already removed. Does this happen with ever link or just random?

Also, is it always the same page?

#9 Vladf

Vladf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 30 September 2008 - 11:37 PM

Not really seeing anything other than what CF already removed. Does this happen with ever link or just random?

Also, is it always the same page?



kinda stopped happening before using combofix.exe.....it was not always the same page but I think it was always when I was using a search engine like google etc..from what you can see from the links that I sent..it looks like a click to the link would take me to another search page or so... :thumbsup: ..what is a CF?

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:54 AM

Posted 02 October 2008 - 08:28 PM

CF=Combofix

If the problem is not happening any more, maybe we should wait a few days and see if it happens again. Hopefully it is fixed now.

#11 Vladf

Vladf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 04 October 2008 - 11:00 AM

CF=Combofix

If the problem is not happening any more, maybe we should wait a few days and see if it happens again. Hopefully it is fixed now.



Ok I'll wait n let you know...do you know what is that CF has removed..is that a virus, spyware or what?

Thanks for all your help!

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:54 AM

Posted 04 October 2008 - 03:30 PM

Not 100% sure, but I think its adware.

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:54 AM

Posted 16 October 2008 - 08:48 AM

As there has been no response, I will be closing this topic. If you require help in the future please create a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users