Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with redirect virus


  • This topic is locked This topic is locked
8 replies to this topic

#1 ashift4

ashift4

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 08 December 2008 - 05:48 PM

Hi,
I was infected with a redirect virus. I got it from a version of winrar i got from download.com. I'm pretty sure its the same as here http://www.bleepingcomputer.com/forums/lof...hp/t177692.html.
It caused some popups but I got those to stop through my regular antivirus (avg). Now my problem seems to be that most search engines (google and yahoo) redirect here http://www.google.com/search?q=sdgf&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a when I use my search box or to a page that asks me download here http://www.antispy.com/index.htm.

Heres my logs
Logfile of random's system information tool 1.04 (written by random/random)
Run by Ayal at 2008-12-08 14:36:19
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 30 GB (79%) free of 38 GB
Total RAM: 639 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:24 PM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ayal\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ayal.exe

O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 5948 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-19 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explore]
C:\WINDOWS\system32\explore.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-23 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-G Notebook Adapter Utility.lnk]
C:\PROGRA~1\Linksys\WIRELE~1\Startup.exe [2004-02-18 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-08 14:36:19 ----D---- C:\rsit
2008-12-08 14:23:49 ----D---- C:\Program Files\Trend Micro
2008-12-08 14:11:12 ----D---- C:\_OTScanIt
2008-12-08 13:33:37 ----D---- C:\Documents and Settings\Ayal\Application Data\Malwarebytes
2008-12-08 13:33:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 13:33:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-08 11:59:51 ----D---- C:\Documents and Settings\Ayal\Application Data\WinRAR
2008-12-08 11:59:35 ----D---- C:\Program Files\WinRAR
2008-12-08 11:55:59 ----D---- C:\Program Files\7-Zip
2008-12-04 09:15:53 ----D---- C:\Titans of Steel
2008-12-04 08:44:18 ----D---- C:\ClonkPlanet
2008-12-04 08:44:18 ----A---- C:\WINDOWS\system32\GkSui18.EXE
2008-12-04 08:40:38 ----D---- C:\Program Files\Rockstar Games
2008-12-04 08:40:27 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-04 08:39:47 ----D---- C:\TEMP
2008-11-17 14:22:36 ----D---- C:\Program Files\Star Alliance Mileage Calculator
2008-11-13 08:35:43 ----D---- C:\WINDOWS\pss
2008-11-12 14:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 14:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 09:26:38 ----D---- C:\WINDOWS\Sun

======List of files/folders modified in the last 1 months======

2008-12-08 14:36:23 ----D---- C:\WINDOWS\Temp
2008-12-08 14:36:20 ----D---- C:\WINDOWS\Prefetch
2008-12-08 14:23:49 ----RD---- C:\Program Files
2008-12-08 14:12:30 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 13:54:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 13:41:20 ----D---- C:\WINDOWS\system32
2008-12-08 13:33:34 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 12:48:10 ----SH---- C:\boot.ini
2008-12-08 12:48:10 ----A---- C:\WINDOWS\win.ini
2008-12-08 12:48:10 ----A---- C:\WINDOWS\system.ini
2008-12-08 12:09:08 ----D---- C:\Program Files\EmeraldStorm3
2008-12-08 12:08:16 ----SHD---- C:\WINDOWS\Installer
2008-12-08 12:08:16 ----SD---- C:\Documents and Settings\Ayal\Application Data\Microsoft
2008-12-08 12:08:15 ----D---- C:\Program Files\TheDemonsMantra
2008-12-08 09:13:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 09:15:53 ----D---- C:\WINDOWS\system
2008-12-04 08:41:59 ----D---- C:\WINDOWS
2008-12-03 22:01:53 ----HD---- C:\WINDOWS\inf
2008-11-26 15:52:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-24 08:47:24 ----D---- C:\WINDOWS\Help
2008-11-24 08:47:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-17 13:36:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-12 14:32:53 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 14:32:49 ----A---- C:\WINDOWS\imsins.BAK
2008-11-09 10:47:56 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-09 10:47:55 ----D---- C:\Program Files\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-19 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-19 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-19 76040]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
R3 BCM43XX;802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 62673]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-19 611664]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-19 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-19 231704]
S2 NICSer_WPC54G;NICSer_WPC54G; C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 455680]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-23 152984]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-12-08 14:36:25

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
General 4.5b-->C:\PROGRA~1\General\UNWISE.EXE C:\PROGRA~1\General\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Odyssey Client-->MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Uninstall Star Alliance Mileage Calculator-->"C:\Program Files\Star Alliance Mileage Calculator\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Wild Metal Country-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rockstar Games\Wild Metal Country\Uninst.isu"
Wireless-G Notebook Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9

======Hosts File======

61.157.217.210 www.yahoo.com
61.157.217.210 www.google.com
61.157.217.210 www.google.co.uk
61.157.217.210 www.myspace.com
61.157.217.210 www.youtube.com
61.157.217.210 www.facebook.com
61.157.217.210 www.antispy.com
61.157.217.210 www.yahoo.com
61.157.217.210 www.yahoo.co.uk
61.157.217.210 www.antispyware.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


AND since I'm pretty sure its the same virus as in the other post, here is my OTscanit log

OTScanIt2 logfile created on: 12/8/2008 2:11:21 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.2.1	 Folder = C:\Documents and Settings\Ayal\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
638.98 Mb Total Physical Memory | 451.78 Mb Available Physical Memory | 70.70% Memory free
1.53 Gb Paging File | 1.32 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 29.28 Gb Free Space | 78.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 27.81 Gb Total Space | 6.19 Gb Free Space | 22.24% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP
Current User Name: Ayal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/19 10:44:45 | 00,611,664 | ---- | M] (Lavasoft)
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/10/19 10:52:26 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2008/10/19 10:52:27 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/10/19 10:52:25 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/19 10:44:45 | 00,611,664 | ---- | M] (Lavasoft)
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/10/19 10:52:26 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/10/19 10:52:25 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2006/02/28 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/10/23 09:15:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NICSer_WPC54G) NICSer_WPC54G [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\NICServ.exe -> [2003/11/13 12:29:40 | 00,455,680 | ---- | M] ()
 
[Driver Services - Safe List]
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/10/19 10:52:37 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/10/19 10:52:36 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008/10/19 10:52:42 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BCM43XX) 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcmwl5.sys -> [2003/07/17 15:40:06 | 00,265,728 | ---- | M] (Broadcom Corporation)
(CBTNDIS5) CBTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CBTNDIS5.sys -> [2003/07/16 21:28:02 | 00,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(odysseyIM3) Odyssey Network Services Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\odysseyIM3.sys -> [2003/05/14 15:01:42 | 00,062,673 | R--- | M] (Funk Software, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2006/02/28 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2006/02/28 04:00:00 | 00,027,440 | ---- | M] ()
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\stac97.sys -> [2004/11/15 14:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" ->  -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Ayal\Application Data\Mozilla\FireFox\Profiles\wpkqadz7.default\prefs.js -> 
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.26 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (2779 bytes and 75 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
61.157.217.210   www.yahoo.com
61.157.217.210   www.google.com
61.157.217.210   www.google.co.uk
61.157.217.210   www.myspace.com
61.157.217.210   www.youtube.com
61.157.217.210   www.facebook.com
61.157.217.210   www.antispy.com
61.157.217.210   www.yahoo.com
61.157.217.210   www.yahoo.co.uk
61.157.217.210   www.antispyware.com
61.157.217.210   antispyware.com
61.157.217.210   antispy.com
61.157.217.210   www.msn.com
123.251.143.110   www.asdfasdfd.com
123.251.143.110   www.gg.com
123.251.143.110   www.ghfhj.com
123.251.143.110   www.cvnbcvnb.com
123.251.143.110   www.1.com
123.251.143.110   www.3.com
123.251.143.110   www.asdf4asdfd.com
123.251.143.110   www.asdfawsdfd.com
123.251.143.110   www.asdfatsdfd.com
123.251.143.110   www.asdfasdfd.com
123.251.143.110   www.asdfadsdfd.com
123.251.143.110   www.asdfasdfd.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2008/10/19 10:52:29 | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/10/23 09:15:14 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/10/23 09:15:13 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/10/23 09:15:15 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008/11/27 07:50:24 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Ayal Startup Folder > -> C:\Documents and Settings\Ayal\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{43454454-CFD2-4E21-873A-F4349F2C731C} ->	(1394 Net Adapter) -> 
{F95047F8-80CF-4737-B795-086B38B37E34} ->	(Wireless-G Notebook Adapter) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008/10/19 10:52:42 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2006/02/28 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2006/02/28 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2008/10/19 10:52:26 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/10/19 10:52:26 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Java\jre6\bin\javaw.exe" -> C:\Program Files\Java\jre6\bin\javaw.exe [C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> [2008/10/23 09:15:13 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2006/02/28 04:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/10/19 10:05:24 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
_OTScanIt -> %SystemDrive%\_OTScanIt -> [2008/12/08 14:11:12 | 00,000,000 | ---D | C]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/08 14:07:22 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/08 14:07:00 | 00,647,651 | ---- | C] ()
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/08 13:33:37 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/08 13:33:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/08 13:33:34 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/08 13:33:32 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/08 13:33:30 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/08 13:33:30 | 00,000,000 | ---D | C]
WinRAR -> %AppData%\WinRAR -> [2008/12/08 11:59:51 | 00,000,000 | ---D | C]
WinRAR -> %ProgramFiles%\WinRAR -> [2008/12/08 11:59:35 | 00,000,000 | ---D | C]
7-Zip -> %ProgramFiles%\7-Zip -> [2008/12/08 11:55:59 | 00,000,000 | ---D | C]
ePSXeCutor1060.zip -> %UserProfile%\Desktop\ePSXeCutor1060.zip -> [2008/12/08 11:00:16 | 00,196,470 | ---- | C] ()
epsxe170 -> %UserProfile%\Desktop\epsxe170 -> [2008/12/08 10:56:34 | 00,000,000 | ---D | C]
roms -> %UserProfile%\Desktop\roms -> [2008/12/08 10:55:52 | 00,000,000 | ---D | C]
Titans of Steel -> %SystemDrive%\Titans of Steel -> [2008/12/04 09:15:53 | 00,000,000 | ---D | C]
GkSui18.EXE -> %SystemRoot%\System32\GkSui18.EXE -> [2008/12/04 08:44:18 | 00,073,728 | ---- | C] ()
ClonkPlanet -> %SystemDrive%\ClonkPlanet -> [2008/12/04 08:44:18 | 00,000,000 | ---D | C]
Rockstar Games -> %ProgramFiles%\Rockstar Games -> [2008/12/04 08:40:38 | 00,000,000 | ---D | C]
TEMP -> %SystemDrive%\TEMP -> [2008/12/04 08:39:47 | 00,000,000 | ---D | C]
enations.rar -> %UserProfile%\Desktop\enations.rar -> [2008/12/03 21:17:26 | 32,103,2226 | ---- | C] ()
Star Alliance Mileage Calculator.lnk -> %UserProfile%\Desktop\Star Alliance Mileage Calculator.lnk -> [2008/11/17 14:22:41 | 00,000,970 | ---- | C] ()
Star Alliance Mileage Calculator -> %ProgramFiles%\Star Alliance Mileage Calculator -> [2008/11/17 14:22:36 | 00,000,000 | ---D | C]
StarAllianceRTWMC.exe -> %UserProfile%\Desktop\StarAllianceRTWMC.exe -> [2008/11/17 14:18:31 | 10,342,943 | ---- | C] (															)
Aurora Wing -> %UserProfile%\Desktop\Aurora Wing -> [2008/11/17 10:02:51 | 00,000,000 | ---D | C]
pss -> %SystemRoot%\pss -> [2008/11/13 08:35:43 | 00,000,000 | ---D | C]
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/11 13:56:02 | 00,453,632 | ---- | C] (Microsoft Corporation)
Shockwave_Installer_Slim.exe -> %UserProfile%\Desktop\Shockwave_Installer_Slim.exe -> [2008/11/11 11:32:41 | 04,594,616 | ---- | C] ()
Sun -> %SystemRoot%\Sun -> [2008/11/11 09:26:38 | 00,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2008/10/19 11:14:00 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/03 21:06:42 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/03 21:05:45 | 00,006,165 | ---- | M] ()
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/08 14:08:16 | 00,000,000 | ---D | M]
Perflib_Perfdata_154.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_154.dat -> [2008/11/18 19:31:04 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_15c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_15c.dat -> [2008/12/04 08:28:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_62c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat -> [2008/10/19 10:48:39 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_dc.dat -> [2008/12/04 08:34:50 | 00,016,384 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/08 14:07:01 | 00,647,651 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/08 13:55:37 | 00,000,006 | -H-- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/08 13:55:26 | 00,013,646 | ---- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/08 13:55:20 | 00,002,048 | --S- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/08 13:53:53 | 03,198,488 | -H-- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/08 13:33:34 | 00,000,696 | ---- | M] ()
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2008/12/08 13:27:38 | 00,000,664 | ---- | M] ()
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008/12/08 12:52:08 | 30,663,287 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/12/08 12:48:10 | 00,000,477 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2008/12/08 12:48:10 | 00,000,321 | -HS- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2008/12/08 12:48:10 | 00,000,227 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/12/08 12:47:45 | 00,002,779 | ---- | M] ()
ePSXeCutor1060.zip -> %UserProfile%\Desktop\ePSXeCutor1060.zip -> [2008/12/08 11:00:17 | 00,196,470 | ---- | M] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008/12/07 00:31:47 | 00,086,440 | ---- | M] ()
enations.rar -> %UserProfile%\Desktop\enations.rar -> [2008/12/03 21:27:48 | 32,103,2226 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:54:08 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:54:04 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
Star Alliance Mileage Calculator.lnk -> %UserProfile%\Desktop\Star Alliance Mileage Calculator.lnk -> [2008/11/17 14:22:41 | 00,000,970 | ---- | M] ()
StarAllianceRTWMC.exe -> %UserProfile%\Desktop\StarAllianceRTWMC.exe -> [2008/11/17 14:19:10 | 10,342,943 | ---- | M] (															)
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008/11/13 08:35:13 | 00,334,743 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/12 14:32:49 | 00,001,393 | ---- | M] ()
Shockwave_Installer_Slim.exe -> %UserProfile%\Desktop\Shockwave_Installer_Slim.exe -> [2008/11/11 11:32:41 | 04,594,616 | ---- | M] ()
< End of report >


THANK YOU!!!

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 AM

Posted 16 December 2008 - 10:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 ashift4

ashift4
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 18 December 2008 - 12:01 AM

Thanks a lot.

Combofix

ComboFix 08-12-17.01 - Ayal 2008-12-17 20:54:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639.448 [GMT -8:00]
Running from: c:\documents and settings\Ayal\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-11 09:01 . 2008-12-11 11:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-11 09:01 . 2008-12-11 11:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 14:36 . 2008-12-08 14:36 <DIR> d-------- C:\rsit
2008-12-08 14:23 . 2008-12-08 14:23 <DIR> d-------- c:\program files\Trend Micro
2008-12-08 14:11 . 2008-12-08 14:11 <DIR> d-------- C:\_OTScanIt
2008-12-08 13:33 . 2008-12-08 13:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 13:33 . 2008-12-08 13:33 <DIR> d-------- c:\documents and settings\Ayal\Application Data\Malwarebytes
2008-12-08 13:33 . 2008-12-08 13:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 13:33 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 13:33 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-08 11:55 . 2008-12-08 11:56 <DIR> d-------- c:\program files\7-Zip
2008-12-04 09:15 . 2008-12-08 12:07 <DIR> d-------- C:\Titans of Steel
2008-12-04 08:44 . 2008-12-08 12:09 <DIR> d-------- C:\ClonkPlanet
2008-12-04 08:44 . 2004-03-14 12:39 73,728 --a------ c:\windows\system32\GkSui18.EXE
2008-12-04 08:40 . 2008-12-04 08:40 <DIR> d-------- c:\program files\Rockstar Games
2008-12-04 08:40 . 2008-12-04 08:40 <DIR> d-------- c:\documents and settings\Ayal\WINDOWS
2008-12-04 08:40 . 1997-11-19 14:49 303,616 --a------ c:\windows\IsUninst.exe
2008-12-04 08:39 . 2008-12-04 08:40 <DIR> d-------- c:\temp\WMCINSTALL
2008-12-04 08:39 . 2008-12-04 08:39 <DIR> d-------- C:\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 20:09 --------- d-----w c:\program files\EmeraldStorm3
2008-12-08 20:08 --------- d-----w c:\program files\TheDemonsMantra
2008-11-24 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-19 03:40 --------- d-----w c:\program files\Star Alliance Mileage Calculator
2008-11-09 18:47 --------- d-----w c:\program files\NOS
2008-11-09 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-11-06 17:41 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-06 17:40 --------- d-----w c:\program files\Common Files\Adobe
2008-11-04 19:04 --------- d-----w c:\program files\DOSBox-0.72
2008-10-27 03:01 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-27 03:01 249,856 ------w c:\windows\Setup1.exe
2008-10-27 01:21 --------- d-----w c:\program files\Dink Smallwood
2008-10-27 00:43 --------- d-----w c:\program files\General
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 17:20 --------- d-----w c:\program files\freecol
2008-10-23 17:15 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 17:15 --------- d-----w c:\program files\Java
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-19 21:31 --------- d-----w c:\program files\Astral Masters
2008-10-19 21:29 --------- d-----w c:\program files\ReflexiveArcade
2008-10-19 18:52 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-19 18:52 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-19 18:52 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-19 18:52 --------- d-----w c:\program files\AVG
2008-10-19 18:45 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-19 18:44 --------- d-----w c:\program files\Lavasoft
2008-10-19 18:43 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-19 18:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-19 18:26 --------- d-----w c:\program files\Linksys
2008-10-19 18:26 --------- d-----w c:\program files\Funk Software
2008-10-19 18:26 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-19 18:26 --------- d-----w c:\program files\Common Files\Funk Software
2008-10-19 18:05 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-G Notebook Adapter Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk
backup=c:\windows\pss\Wireless-G Notebook Adapter Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-23 09:15 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-19 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-19 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-19 76040]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-explore - c:\windows\system32\explore.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Ayal\Application Data\Mozilla\Firefox\Profiles\wpkqadz7.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 20:55:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\avgrsstx.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-17 20:56:28
ComboFix-quarantined-files.txt 2008-12-18 04:56:11

Pre-Run: 32,719,798,272 bytes free
Post-Run: 32,774,041,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

144 --- E O F --- 2008-12-16 00:54:55


Hijackthis
Logfile of random's system information tool 1.04 (written by random/random)
Run by Ayal at 2008-12-17 20:57:55
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 31 GB (82%) free of 38 GB
Total RAM: 639 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:03 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ayal\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ayal.exe

O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6532 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-19 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-23 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-G Notebook Adapter Utility.lnk]
C:\PROGRA~1\Linksys\WIRELE~1\Startup.exe [2004-02-18 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-17 20:56:31 ----D---- C:\WINDOWS\temp
2008-12-17 20:56:30 ----A---- C:\ComboFix.txt
2008-12-17 20:54:14 ----A---- C:\Boot.bak
2008-12-17 20:54:05 ----RASHD---- C:\cmdcons
2008-12-17 20:52:52 ----A---- C:\WINDOWS\zip.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\VFIND.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\SWSC.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\SWREG.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\sed.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\grep.exe
2008-12-17 20:52:52 ----A---- C:\WINDOWS\fdsv.exe
2008-12-17 20:52:48 ----D---- C:\WINDOWS\ERDNT
2008-12-17 20:52:48 ----D---- C:\Qoobox
2008-12-15 16:54:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-15 16:54:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-15 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 16:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 16:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 09:01:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-11 09:01:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 14:36:19 ----D---- C:\rsit
2008-12-08 14:23:49 ----D---- C:\Program Files\Trend Micro
2008-12-08 14:11:12 ----D---- C:\_OTScanIt
2008-12-08 13:33:37 ----D---- C:\Documents and Settings\Ayal\Application Data\Malwarebytes
2008-12-08 13:33:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 13:33:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-08 11:59:51 ----D---- C:\Documents and Settings\Ayal\Application Data\WinRAR
2008-12-08 11:59:35 ----D---- C:\Program Files\WinRAR
2008-12-08 11:55:59 ----D---- C:\Program Files\7-Zip
2008-12-04 09:15:53 ----D---- C:\Titans of Steel
2008-12-04 08:44:18 ----D---- C:\ClonkPlanet
2008-12-04 08:44:18 ----A---- C:\WINDOWS\system32\GkSui18.EXE
2008-12-04 08:40:38 ----D---- C:\Program Files\Rockstar Games
2008-12-04 08:40:27 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-04 08:39:47 ----D---- C:\TEMP

======List of files/folders modified in the last 1 months======

2008-12-17 20:56:32 ----D---- C:\WINDOWS\system32
2008-12-17 20:56:31 ----D---- C:\WINDOWS
2008-12-17 20:55:37 ----A---- C:\WINDOWS\system.ini
2008-12-17 20:55:04 ----D---- C:\WINDOWS\system32\drivers
2008-12-17 20:55:03 ----D---- C:\WINDOWS\AppPatch
2008-12-17 20:55:03 ----D---- C:\Program Files\Common Files
2008-12-17 20:54:14 ----RASH---- C:\boot.ini
2008-12-17 20:53:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-17 20:52:40 ----D---- C:\WINDOWS\Prefetch
2008-12-17 20:47:20 ----D---- C:\Program Files\Mozilla Firefox
2008-12-15 16:54:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-15 16:54:54 ----HD---- C:\WINDOWS\inf
2008-12-15 16:54:46 ----A---- C:\WINDOWS\imsins.BAK
2008-12-15 16:54:20 ----D---- C:\Program Files\Internet Explorer
2008-12-15 16:53:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 08:46:20 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 09:01:51 ----RD---- C:\Program Files
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 12:48:10 ----A---- C:\WINDOWS\win.ini
2008-12-08 12:09:08 ----D---- C:\Program Files\EmeraldStorm3
2008-12-08 12:08:16 ----SHD---- C:\WINDOWS\Installer
2008-12-08 12:08:16 ----SD---- C:\Documents and Settings\Ayal\Application Data\Microsoft
2008-12-08 12:08:15 ----D---- C:\Program Files\TheDemonsMantra
2008-12-04 09:15:53 ----D---- C:\WINDOWS\system
2008-11-24 08:47:24 ----D---- C:\WINDOWS\Help
2008-11-24 08:47:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-18 19:40:21 ----D---- C:\Program Files\Star Alliance Mileage Calculator

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-19 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-19 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-19 76040]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
R3 BCM43XX;802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 62673]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-19 611664]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-19 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-19 231704]
S2 NICSer_WPC54G;NICSer_WPC54G; C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 455680]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-23 152984]

-----------------EOF-----------------

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 AM

Posted 18 December 2008 - 01:06 AM

Hi,

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, * Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot and post a new HijackThislog in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 ashift4

ashift4
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 18 December 2008 - 08:10 PM

Hi,

Thanks for the help

Here is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:25 PM, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 2353 bytes


I can now access the websites I could not before. Fixed!

However I have found another problem. Now when I try to run msconfig I get a "Windows cannot find msconfig" error. Any ideas?

Thanks again

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 AM

Posted 19 December 2008 - 12:50 AM

However I have found another problem. Now when I try to run msconfig I get a "Windows cannot find msconfig" error. Any ideas?

Are you sure you've entered the command correctly?
So via start > run, type: msconfig.exe

Hit enter.

Does that still give you the same error?

If so, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE]
@="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 ashift4

ashift4
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 19 December 2008 - 09:07 PM

Fixed. Awesome. Thank You

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 AM

Posted 20 December 2008 - 01:03 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 AM

Posted 21 December 2008 - 04:02 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users