Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected by a virus or spyware


  • This topic is locked This topic is locked
23 replies to this topic

#1 galvatron10000

galvatron10000

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 13 January 2009 - 12:04 PM

.

Edited by galvatron10000, 13 January 2009 - 10:15 PM.


BC AdBot (Login to Remove)

 


#2 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 13 January 2009 - 12:18 PM

.

Edited by galvatron10000, 13 January 2009 - 10:16 PM.


#3 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 13 January 2009 - 03:33 PM

Title was: can someone help me AVG my display proprieties is locked, my computer was hijack ~ OB

i ran a full scan with AVG 8.0 and a rootkit as well
my display manager is locked and i always have that anti virus thing to download popping up
i think im up to date as well
hopefully someone can help me

************************

DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 15:30:21.81 on Tue 01/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2476 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *disabled*
FW: AVG Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
{a3d98552-9277-49d7-82aa-d58307a09a87}
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [DT LGE] c:\program files\common files\portrait displays\shared\DT_startup.exe -LGE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Framework Windows] frmwrk32.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: karna.dat,bbczhd.dll,avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnkHBut

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dtcu3dik.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-13 12936]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-20 39472]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-13 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-13 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-13 90632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-1-13 29208]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-13 874776]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-13 231704]
R4 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-1-13 1212184]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-1-13 29208]
S3 hid8101;hid8101;c:\windows\system32\drivers\system32.sys [2008-5-22 64880]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-01-13 15:11 127 a------- c:\windows\system32\MRT.INI
2009-01-13 14:53 1,302 a------- c:\windows\Sandboxie.ini
2009-01-13 14:53 <DIR> --d----- c:\program files\Sandboxie
2009-01-13 14:00 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-13 13:42 121 a------- c:\windows\bdagent.INI
2009-01-13 13:35 850 a------- c:\windows\system32\ProductTweaks.xml
2009-01-13 13:35 385 a------- c:\windows\system32\user_gensett.xml
2009-01-13 12:56 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-13 12:56 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-13 12:55 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-13 12:55 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-13 12:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-13 12:55 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-01-13 12:55 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-01-13 12:55 <DIR> --d----- c:\program files\AVG
2009-01-13 12:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-13 12:48 <DIR> --d----- c:\windows\system32\logs
2009-01-13 12:48 <DIR> --d----- c:\program files\BitDefender
2009-01-13 12:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-01-13 12:47 <DIR> --d----- c:\program files\common files\BitDefender
2009-01-13 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-13 12:44 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-13 12:44 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-01-13 11:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-01-13 11:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-13 11:04 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-01-13 11:03 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-13 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-12 20:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-12 14:39 503 a------- c:\windows\system32\win32hlp.cnf
2009-01-12 14:39 111,616 ac------ c:\windows\system32\dllcache\userinit.exe
2009-01-12 14:08 1 a------- c:\windows\system32\uniq.tll
2009-01-12 14:08 1 a------- c:\windows\system32\test.ttt
2009-01-12 14:01 1,300,015 ---sh--- c:\windows\system32\iimsljvu.ini
2009-01-12 13:58 401,347 a--sh--- c:\windows\system32\tuBHknmp.ini2
2009-01-12 13:58 401,347 a--sh--- c:\windows\system32\tuBHknmp.ini
2009-01-12 13:53 0 a------- c:\windows\system32\drivers\senekaqkkylrve.sys
2009-01-10 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 14:05 22,912 a------- c:\windows\system32\drivers\lgusbmodem.sys
2008-12-30 14:05 21,248 a------- c:\windows\system32\drivers\lgusbdiag.sys
2008-12-30 14:05 12,672 a------- c:\windows\system32\drivers\lgusbbus.sys
2008-12-30 14:05 <DIR> --d----- c:\program files\LG Electronics
2008-12-27 13:41 <DIR> --d----- c:\program files\Bonjour
2008-12-27 13:40 <DIR> --d----- c:\program files\iPod
2008-12-27 13:40 <DIR> --d----- c:\program files\iTunes
2008-12-27 13:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 20:01 <DIR> --d----- c:\program files\BitPim
2008-12-26 19:30 <DIR> --d----- c:\program files\QPST

==================== Find3M ====================

2009-01-12 14:39 111,616 a------- c:\windows\system32\userinit.exe
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 19:49 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-03 19:44 4,552 a------- c:\program files\common files\unins000.dat
2008-12-03 19:44 728,858 a------- c:\program files\common files\unins000.exe
2008-11-25 09:22 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-07 01:03 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-11-05 19:15 39,424 a------- c:\windows\zipinst.exe
2008-10-31 00:58 22,328 ac------ c:\docume~1\owner\applic~1\PnkBstrK.sys
2008-10-31 00:57 2,250,024 a------- c:\windows\system32\pbsvc.exe
2008-10-31 00:57 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-28 21:23 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-10-28 21:22 314,880 a------- c:\windows\system32\ati2dvag.dll
2008-10-28 21:11 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-10-28 21:11 147,456 a------- c:\windows\system32\Oemdspif.dll
2008-10-28 21:11 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-10-28 21:11 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-10-28 21:10 10,973,184 a------- c:\windows\system32\atioglxx.dll
2008-10-28 21:10 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-10-28 21:09 585,728 a------- c:\windows\system32\ati2evxx.exe
2008-10-28 21:07 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-10-28 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-10-28 20:57 4,041,472 a------- c:\windows\system32\ati3duag.dll
2008-10-28 20:49 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-10-28 20:41 2,472,832 a------- c:\windows\system32\ativvaxx.dll
2008-10-28 20:25 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-10-28 20:21 389,120 a------- c:\windows\system32\atikvmag.dll
2008-10-28 20:19 44,032 a------- c:\windows\system32\atiadlxx.dll
2008-10-28 20:19 17,408 a------- c:\windows\system32\atitvo32.dll
2008-10-28 20:18 253,952 a------- c:\windows\system32\atiok3x2.dll
2008-10-28 20:12 577,536 a------- c:\windows\system32\ati2cqag.dll
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-27 12:06 4,096 a------- c:\windows\d3dx.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-22 22:58 13,408 a------- c:\windows\system32\ealregsnapshot1.reg
2008-10-21 12:51 118,784 a------- c:\windows\system32\atibrtmon.exe
2008-10-21 11:40 81,920 a------- c:\windows\system32\ATIODE.exe
2008-10-21 11:40 45,056 a------- c:\windows\system32\ATIODCLI.exe
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-04-19 21:22 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-03-09 07:25 236 a---h--- c:\program files\common files\dx.reg
2008-04-19 10:37 8 ---shr-- c:\windows\system32\2ACA699CF5.sys
2008-04-22 16:59 5,018 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-27 20:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 15:31:08.25 ===============

Attached Files


Edited by Orange Blossom, 13 January 2009 - 08:23 PM.
Merged topics. ~ OB


#4 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 13 January 2009 - 03:41 PM

this is the hijackthis log
hopefully one of you guys can help me it would be much appreciated

*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:47 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A3D98552-9277-49D7-82AA-D58307A09A87} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-21-1645522239-448539723-839522115-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1645522239-448539723-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat,bbczhd.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10948 bytes

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 14 January 2009 - 04:04 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 14 January 2009 - 12:59 PM

combofix log
**********************
ComboFix 09-01-13.04 - Owner 2009-01-14 12:51:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2804 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
* Created a new restore point
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\.#\MBX@FA4@94D020.###
c:\documents and settings\Owner\Application Data\.#\MBX@FA4@94E8E0.###
c:\documents and settings\Owner\Application Data\.#\MBX@FA4@94EB40.###
c:\windows\system32\drivers\senekaqkkylrve.sys
c:\windows\system32\test.ttt
c:\windows\system32\win32hlp.cnf

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-13 20:01 . 2009-01-13 20:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-13 15:35 . 2009-01-13 15:35 <DIR> d-------- C:\Sandbox
2009-01-13 15:11 . 2009-01-13 15:11 127 --a------ c:\windows\system32\MRT.INI
2009-01-13 15:09 . 2009-01-13 22:53 1,917 --a------ c:\windows\imsins.BAK
2009-01-13 14:53 . 2009-01-13 14:53 <DIR> d-------- c:\program files\Sandboxie
2009-01-13 14:53 . 2009-01-14 12:52 1,542 --a------ c:\windows\Sandboxie.ini
2009-01-13 13:42 . 2009-01-13 13:58 121 --a------ c:\windows\bdagent.INI
2009-01-13 13:35 . 2009-01-13 13:35 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-01-13 13:35 . 2009-01-13 13:35 385 --a------ c:\windows\system32\user_gensett.xml
2009-01-13 12:55 . 2009-01-13 12:55 <DIR> d-------- c:\program files\AVG
2009-01-13 12:48 . 2009-01-13 12:48 <DIR> d-------- c:\windows\system32\logs
2009-01-13 12:48 . 2009-01-13 13:59 <DIR> d-------- c:\program files\BitDefender
2009-01-13 12:48 . 2009-01-13 12:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-01-13 12:47 . 2009-01-13 13:59 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-01-13 12:44 . 2009-01-13 12:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-13 12:44 . 2009-01-14 12:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-01-13 12:44 . 2009-01-13 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-13 11:38 . 2009-01-13 11:38 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-13 11:11 . 2009-01-13 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-13 11:04 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-01-13 11:03 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-13 11:03 . 2009-01-13 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 20:00 . 2009-01-13 11:20 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-02 22:13 . 2009-01-02 22:13 <DIR> d-------- c:\program files\Google
2008-12-30 14:05 . 2008-12-30 14:05 <DIR> d-------- c:\program files\LG Electronics
2008-12-30 14:05 . 2007-04-09 09:55 22,912 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-12-30 14:05 . 2007-04-09 09:56 21,248 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-12-30 14:05 . 2007-04-09 09:53 12,672 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-12-27 13:41 . 2008-12-27 13:41 <DIR> d-------- c:\program files\Bonjour
2008-12-27 13:40 . 2008-12-27 13:41 <DIR> d-------- c:\program files\iTunes
2008-12-27 13:40 . 2008-12-27 13:40 <DIR> d-------- c:\program files\iPod
2008-12-27 13:40 . 2008-12-27 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 13:39 . 2008-12-27 13:40 <DIR> d-------- c:\program files\QuickTime
2008-12-26 20:01 . 2008-12-26 20:01 <DIR> d-------- c:\program files\BitPim
2008-12-26 19:30 . 2009-01-12 15:46 <DIR> d-------- c:\program files\QPST

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 17:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 17:54 --------- d-----w c:\program files\lg_fwupdate
2009-01-14 02:23 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2009-01-14 02:21 --------- d-----w c:\documents and settings\Owner\Application Data\skypePM
2009-01-13 21:28 --------- d-----w c:\program files\Opera
2009-01-13 19:31 --------- d-----w c:\program files\GameSpy Arcade
2009-01-13 18:33 --------- d-----w c:\documents and settings\Owner\Application Data\Azureus
2009-01-12 20:21 --------- d-----w c:\program files\Steam
2009-01-12 19:15 --------- d-----w c:\program files\Azureus
2009-01-11 03:31 --------- d-----w c:\program files\Full Tilt Poker
2008-12-30 19:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 18:40 --------- d-----w c:\program files\Common Files\Apple
2008-12-16 06:56 --------- d-----w c:\program files\AllToAVI
2008-12-15 04:25 --------- d-----w c:\program files\EA GAMES
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 00:44 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-12-04 00:44 4,552 ----a-w c:\program files\Common Files\unins000.dat
2008-12-03 21:21 --------- d-----w c:\program files\Rockstar Games
2008-12-03 20:53 --------- d-----w c:\program files\World Heroes
2008-12-03 19:07 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-11-29 01:33 --------- d-----w c:\program files\Speed
2008-11-25 19:55 --------- d-----w c:\documents and settings\Owner\Application Data\Red Alert 3
2008-11-25 19:26 --------- d-----w c:\documents and settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
2008-11-25 18:08 --------- d-----w c:\program files\Electronic Arts
2008-11-25 16:18 --------- d-----w c:\program files\Ricochet Lost Worlds Recharged
2008-11-25 14:22 --------- d-----w c:\program files\Java
2008-11-24 00:40 --------- d-----w c:\program files\Ricochet Xtreme
2008-11-21 05:07 --------- d-----w c:\program files\Atari
2008-11-21 05:05 --------- d-----w c:\documents and settings\Owner\Application Data\Atari
2008-11-21 05:01 --------- d-----w c:\program files\THQ
2008-11-20 17:52 --------- d-----w c:\program files\Paragon Software
2008-11-20 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-20 05:35 --------- d-----w c:\program files\ATI Technologies
2008-11-06 00:15 39,424 ----a-w c:\windows\zipinst.exe
2008-10-31 05:58 22,328 -c--a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2008-04-20 02:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-03-09 12:25 236 ---ha-w c:\program files\Common Files\dx.reg
2008-04-19 15:37 8 --sh--r c:\windows\system32\2ACA699CF5.sys
2008-04-22 21:59 5,018 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-28 01:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-01-05 336896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-11-14 548864]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"DT LGE"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-17 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-01 805392]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat,bbczhd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\synergy\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\insurgency\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.1\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.5.game"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.6.game"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-20 39472]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
S3 hid8101;hid8101;c:\windows\system32\drivers\system32.sys [2008-05-22 64880]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb49b3a5-0f1a-11dd-afad-001d609a96fe}]
\Shell\AutoRun\command - I:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-14 c:\windows\Tasks\hzjrxmhs.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3D98552-9277-49D7-82AA-D58307A09A87} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-TDSSrfdc.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 12:54:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,35,da,d4,c4,47,5c,a4,fb,44,c7,25,81,34,cd,a3,68,13,43,ae,38,2e,66,
7c,83,6d,cc,a3,15,01,b4,51,11,2b,86,82,33,64,84,ba,a4,cd,16,b2,90,73,4b,97,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:50,d7,e4,23,5c,02,74,ae,c2,7b,52,a3,d0,1b,b1,5a,eb,ff,d8,26,90,
6c,da,a4,71,55,3e,18,80,6c,8a,c8,84,be,64,fa,4c,4e,a9,5e,f4,12,13,e6,af,66,\
"rkeysecu"=hex:d4,da,94,b7,4d,bc,4e,a7,5f,1b,aa,66,e8,77,fa,90
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\PSIService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
c:\program files\Portrait Displays\forteManager\dthtml.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-01-14 12:56:58 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-14 17:56:56

Pre-Run: 84,161,347,584 bytes free
Post-Run: 84,187,820,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
302 --- E O F --- 2009-01-14 17:39:56



and thats my hijackthis log
*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:36 PM, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Java\jre6\bin\jucheck.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1645522239-448539723-839522115-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1645522239-448539723-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat,bbczhd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9921 bytes

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 15 January 2009 - 01:54 AM

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • c:\windows\system32\drivers\system32.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 15 January 2009 - 10:56 AM

VirSCAN.org Scanned Report :
Scanned time : 2009/01/15 09:44:12 (CST)
Scanner results: All Scanners reported not find malware!
File Name : system32.sys
File Size : 64880 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 8cd83be6be18529a81c21c49a77c01b4
SHA1 : e9f89deabd7ab485c8fa2c52b8b7ed28e4d37e08
Online report : http://virscan.org/report/44f8c4eca328e22e...b30de7af5e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.29 20090114173405 2009-01-14 2.13 -
AhnLab V3 2009.01.15.02 2009.01.15 2009-01-15 1.02 -
AntiVir 7.9.0.54 7.1.1.124 2009-01-15 1.75 -
Antiy 2.0.18 20090115.2054895 2009-01-15 0.12 -
Authentium 5.1.1 200901141927 2009-01-14 1.09 -
AVAST! 3.0.1 090114-0 2009-01-14 0.01 -
AVG 7.5.52.442 270.10.7/1894 2009-01-14 1.82 -
BitDefender 7.81008.2453422 7.23179 2009-01-15 2.31 -
CA (VET) 9.0.0.143 31.6.6309 2009-01-15 3.80 -
ClamAV 0.94.2 8868 2009-01-15 0.02 -
Comodo 3.0 931 2009-01-14 0.97 -
CP Secure 1.1.0.715 1970.01.01 1970-01-01 6.58 -
Dr.Web 4.44.0.9170 2009.01.15 2009-01-15 3.86 -
F-Prot 4.4.4.56 20090114 2009-01-14 1.07 -
F-Secure 5.51.6100 2009.01.14.07 2009-01-14 0.05 -
Fortinet 2.81-3.117 9.928 2009-01-15 0.22 -
GData 19.2418/19.185 20090114 2009-01-14 2.93 -
ViRobot 20090115 2009.01.15 2009-01-15 0.41 -
Ikarus T3.1.01.45 2009.01.15.72158 2009-01-15 3.60 -
JiangMin 11.0.706 2009.01.13 2009-01-13 1.61 -
Kaspersky 5.5.10 2009.01.15 2009-01-15 0.04 -
KingSoft 2008.9.8.18 2009.1.15.20 2009-01-15 0.58 -
McAfee 5.3.00 5495 2009-01-14 2.90 -
Microsoft 1.4205 2009.01.15 2009-01-15 4.16 -
mks_vir 2.01 2009.01.15 2009-01-15 2.71 -
Norman 5.93.01 5.93.00 2009-01-13 6.33 -
Panda 9.05.01 2009.01.14 2009-01-14 2.41 -
Trend Micro 8.700-1004 5.772.08 2009-01-15 0.03 -
Quick Heal 10.00 2009.01.15 2009-01-15 1.29 -
Rising 20.0 21.12.32.00 2009-01-15 0.83 -
Sophos 2.82.1 4.37 2009-01-15 2.23 -
Sunbelt 4756 4756 2009-01-08 0.70 -
Symantec 1.3.0.24 20090114.017 2009-01-14 0.15 -
nProtect 20090115.01 2894747 2009-01-15 5.13 -
The Hacker 6.3.1.2 v00220 2009-01-14 0.92 -
VBA32 3.12.8.10 20090114.1317 2009-01-14 1.54 -
VirusBuster 4.5.11.10 10.100.25/762554 2009-01-14 0.99 -

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 15 January 2009 - 11:36 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\Tasks\hzjrxmhs.job

Folder::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..

1. ComboFix
2. ESET Online Scanner
3. Tell me, how's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 15 January 2009 - 01:20 PM

i did what you told me combo fix started, but it restarted my cpu, but after ther restart no log was there except in c:Qoobox/CFScript_used_2009-01-15@13.36.txt
and when i tried to do the scan on internet explorer it gave me a HTTP 404 not found

but i got a hijackthis log
*****************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44, on 2009-01-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1645522239-448539723-839522115-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1645522239-448539723-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10215 bytes

Edited by galvatron10000, 15 January 2009 - 01:45 PM.


#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 16 January 2009 - 12:26 AM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    c:\windows\Tasks\hzjrxmhs.job
    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





NEXT


Delete your version of ComboFix and do below...


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**




NEXT


Lets run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient




Post me these logs in your next reply..

1. OTMoveIt3
2. ComboFix
3. F-Secure Online Scanner

Edited by fenzodahl512, 16 January 2009 - 12:27 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 16 January 2009 - 12:59 PM

ComboFix 09-01-15.01 - Owner 2009-01-16 9:29:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2550 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
FW: BitDefender Firewall *disabled*
FW: Norton 360 *disabled*
* Created a new restore point
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 09:17 . 2009-01-16 09:17 <DIR> d-------- C:\_OTMoveIt
2009-01-15 22:04 . 2009-01-15 22:04 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-15 22:04 . 2009-01-16 09:19 <DIR> d-------- c:\program files\Norton 360
2009-01-15 22:04 . 2009-01-15 22:33 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 22:04 . 2009-01-15 22:33 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-15 22:04 . 2009-01-15 22:33 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 22:04 . 2009-01-15 22:33 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 22:03 . 2009-01-15 22:33 <DIR> d-------- c:\program files\Symantec
2009-01-15 21:58 . 2009-01-15 22:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\Symantec
2009-01-15 13:09 . 2009-01-15 13:09 0 --a------ c:\windows\system32\commonpub.log.lock
2009-01-15 13:06 . 2009-01-15 13:06 0 --a------ c:\windows\system32\commonpriv.log.lock
2009-01-14 13:08 . 2009-01-16 09:32 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-14 13:08 . 2009-01-14 13:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-14 13:08 . 2009-01-15 09:45 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-14 13:08 . 2009-01-14 13:27 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-14 13:08 . 2009-01-14 13:08 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-14 13:08 . 2009-01-14 13:08 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-14 13:08 . 2009-01-14 13:27 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-14 13:08 . 2009-01-14 13:27 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-13 20:01 . 2009-01-13 20:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-13 15:35 . 2009-01-13 15:35 <DIR> d-------- C:\Sandbox
2009-01-13 15:11 . 2009-01-13 15:11 127 --a------ c:\windows\system32\MRT.INI
2009-01-13 15:09 . 2009-01-13 22:53 1,917 --a------ c:\windows\imsins.BAK
2009-01-13 14:53 . 2009-01-15 20:43 <DIR> d-------- c:\program files\Sandboxie
2009-01-13 13:42 . 2009-01-13 13:58 121 --a------ c:\windows\bdagent.INI
2009-01-13 13:35 . 2009-01-13 13:35 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-01-13 13:35 . 2009-01-13 13:35 385 --a------ c:\windows\system32\user_gensett.xml
2009-01-13 12:55 . 2009-01-13 12:55 <DIR> d-------- c:\program files\AVG
2009-01-13 12:48 . 2009-01-13 12:48 <DIR> d-------- c:\windows\system32\logs
2009-01-13 12:48 . 2009-01-13 12:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-01-13 12:47 . 2009-01-13 13:59 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-01-13 12:44 . 2009-01-14 12:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-01-13 12:44 . 2009-01-13 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-13 11:11 . 2009-01-15 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-13 11:04 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-01-13 11:03 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-13 11:03 . 2009-01-13 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 20:00 . 2009-01-13 11:20 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-02 22:13 . 2009-01-02 22:13 <DIR> d-------- c:\program files\Google
2008-12-30 14:05 . 2008-12-30 14:05 <DIR> d-------- c:\program files\LG Electronics
2008-12-30 14:05 . 2007-04-09 09:55 22,912 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-12-30 14:05 . 2007-04-09 09:56 21,248 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-12-30 14:05 . 2007-04-09 09:53 12,672 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-12-27 13:41 . 2008-12-27 13:41 <DIR> d-------- c:\program files\Bonjour
2008-12-27 13:40 . 2008-12-27 13:41 <DIR> d-------- c:\program files\iTunes
2008-12-27 13:40 . 2008-12-27 13:40 <DIR> d-------- c:\program files\iPod
2008-12-27 13:39 . 2008-12-27 13:40 <DIR> d-------- c:\program files\QuickTime
2008-12-26 20:01 . 2008-12-26 20:01 <DIR> d-------- c:\program files\BitPim
2008-12-26 19:30 . 2009-01-12 15:46 <DIR> d-------- c:\program files\QPST

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 14:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-16 14:32 --------- d-----w c:\program files\lg_fwupdate
2009-01-16 14:32 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-16 04:03 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-16 02:01 --------- d-----w c:\documents and settings\Owner\Application Data\Azureus
2009-01-14 02:23 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2009-01-14 02:21 --------- d-----w c:\documents and settings\Owner\Application Data\skypePM
2009-01-13 21:28 --------- d-----w c:\program files\Opera
2009-01-13 19:31 --------- d-----w c:\program files\GameSpy Arcade
2009-01-12 20:21 --------- d-----w c:\program files\Steam
2009-01-12 19:15 --------- d-----w c:\program files\Azureus
2009-01-11 03:31 --------- d-----w c:\program files\Full Tilt Poker
2008-12-30 19:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 18:40 --------- d-----w c:\program files\Common Files\Apple
2008-12-16 06:56 --------- d-----w c:\program files\AllToAVI
2008-12-15 04:25 --------- d-----w c:\program files\EA GAMES
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 00:44 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-12-04 00:44 4,552 ----a-w c:\program files\Common Files\unins000.dat
2008-12-03 21:21 --------- d-----w c:\program files\Rockstar Games
2008-12-03 20:53 --------- d-----w c:\program files\World Heroes
2008-12-03 19:07 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-11-29 01:33 --------- d-----w c:\program files\Speed
2008-11-25 19:55 --------- d-----w c:\documents and settings\Owner\Application Data\Red Alert 3
2008-11-25 19:26 --------- d-----w c:\documents and settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
2008-11-25 18:08 --------- d-----w c:\program files\Electronic Arts
2008-11-25 16:18 --------- d-----w c:\program files\Ricochet Lost Worlds Recharged
2008-11-25 14:22 --------- d-----w c:\program files\Java
2008-11-24 00:40 --------- d-----w c:\program files\Ricochet Xtreme
2008-11-21 05:07 --------- d-----w c:\program files\Atari
2008-11-21 05:05 --------- d-----w c:\documents and settings\Owner\Application Data\Atari
2008-11-21 05:01 --------- d-----w c:\program files\THQ
2008-11-20 17:52 --------- d-----w c:\program files\Paragon Software
2008-11-20 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-20 05:35 --------- d-----w c:\program files\ATI Technologies
2008-11-06 00:15 39,424 ----a-w c:\windows\zipinst.exe
2008-10-31 05:58 22,328 -c--a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2008-04-20 02:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-03-09 12:25 236 ---ha-w c:\program files\Common Files\dx.reg
2008-06-30 18:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-04-19 15:37 8 --sh--r c:\windows\system32\2ACA699CF5.sys
2008-04-22 21:59 5,018 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-28 01:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-14_12.56.23.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 01:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-02-21 22:02:38 873,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LUALL.EXE
+ 2008-02-21 22:02:44 3,220,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LuComServer.EXE
+ 2009-01-16 03:04:00 7,406 ----a-r c:\windows\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
+ 2009-01-14 18:27:12 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2007-08-09 00:39:56 36,056 ----a-w c:\windows\system32\drivers\CO_Mon.sys
+ 2008-07-30 22:42:12 23,888 ----a-w c:\windows\system32\drivers\COH_Mon.sys
+ 2008-02-01 01:51:16 279,088 ----a-w c:\windows\system32\drivers\srtsp.sys
+ 2008-02-01 01:51:16 317,616 ----a-w c:\windows\system32\drivers\srtspl.sys
+ 2008-02-01 01:51:16 43,696 ----a-w c:\windows\system32\drivers\srtspx.sys
+ 2008-06-13 19:13:38 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
+ 2008-06-13 19:13:38 96,432 ----a-w c:\windows\system32\drivers\symfw.sys
+ 2008-06-13 19:13:38 38,576 ----a-w c:\windows\system32\drivers\symids.sys
+ 2008-06-13 19:14:02 31,280 ----a-w c:\windows\system32\drivers\SymIM.sys
+ 2008-06-13 19:13:38 37,424 ----a-w c:\windows\system32\drivers\symndis.sys
+ 2008-06-13 19:13:40 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
+ 2008-06-13 19:13:38 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
+ 2008-06-13 19:13:40 184,240 ----a-w c:\windows\system32\drivers\symtdi.sys
- 2009-01-13 20:15:29 96,664 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-16 14:32:16 96,664 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-17 17:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-01-29 17:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2009-01-16 03:25:59 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-13 19:45:48 579,464 ----a-w c:\windows\system32\SymNeti.dll
+ 2008-06-13 19:45:44 207,240 ----a-w c:\windows\system32\SymRedir.dll
+ 2009-01-16 14:32:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_50c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-11-14 548864]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"DT LGE"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-14 1601304]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-17 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-01 805392]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-14 13:27 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat,bbczhd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\synergy\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\insurgency\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.1\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.5.game"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.6.game"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-14 12552]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-20 39472]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 107272]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-14 29208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-15 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-14 29208]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 hid8101;hid8101;c:\windows\system32\drivers\system32.sys [2008-05-22 64880]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-14 903960]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 298264]
S4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-14 1339600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - InCDrec

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb49b3a5-0f1a-11dd-afad-001d609a96fe}]
\Shell\AutoRun\command - I:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 09:32:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,35,da,d4,c4,47,5c,a4,fb,44,c7,25,81,34,cd,a3,68,13,43,ae,38,2e,66,
7c,83,6d,cc,a3,15,01,b4,51,11,2b,86,82,33,64,84,ba,a4,cd,16,b2,90,73,4b,97,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:50,d7,e4,23,5c,02,74,ae,c2,7b,52,a3,d0,1b,b1,5a,eb,ff,d8,26,90,
6c,da,a4,71,55,3e,18,80,6c,8a,c8,84,be,64,fa,4c,4e,a9,5e,f4,12,13,e6,af,66,\
"rkeysecu"=hex:d4,da,94,b7,4d,bc,4e,a7,5f,1b,aa,66,e8,77,fa,90
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Portrait Displays\forteManager\dthtml.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-01-16 9:35:37 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-16 14:35:34
ComboFix2.txt 2009-01-14 17:56:59

Pre-Run: 139,189,944,320 bytes free
Post-Run: 139,178,774,528 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
373 --- E O F --- 2009-01-16 02:00:38

***************************

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder c:\windows\Tasks\hzjrxmhs.job not found.
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_GASaij8zAzAW1FPEPLzw scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF4596.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF027.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cc7A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc81.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc82.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc83.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETCE3E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_14c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_28c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_091753

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_GASaij8zAzAW1FPEPLzw not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF4596.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF027.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\cc7A.tmp not found!
File C:\WINDOWS\temp\cc7B.tmp not found!
File C:\WINDOWS\temp\cc7C.tmp not found!
File C:\WINDOWS\temp\cc7D.tmp not found!
File C:\WINDOWS\temp\cc7E.tmp not found!
File C:\WINDOWS\temp\cc7F.tmp not found!
File C:\WINDOWS\temp\cc81.tmp not found!
File C:\WINDOWS\temp\cc82.tmp not found!
File C:\WINDOWS\temp\cc83.tmp not found!
File C:\WINDOWS\temp\JETCE3E.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_14c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_28c.dat not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\XUL.mfl moved successfully.

*********************

Scanning Report
Friday, January 16, 2009 10:04:48 - 12:57:55

Computer name: GALVATRON-SAMA
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\
Result: 3 malware found
W32/Packed_FSG.D (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SETUP\IMTOO MPEG\KEYGEN.EXE (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SETUP\IMTOO MP4\KEYGEN.EXE (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\PATCH\REGISTRY MECHANIC V8.0.0.900 KEYGEN -ROGUE- ONLY\KEYGEN.EXE (Submitted)

Statistics
Scanned:

* Files: 40634
* System: 3951
* Not scanned: 9

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 3
* Submitted: 3

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ETILQS_UUDAP3LT1PEGIZYH3BRE
* C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\SYMANTEC\NPMDATASTORE\CIMSTORE.XML

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2009-01-16
* F-Secure AVP: 7.0.171, 2009-01-16
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

Copyright 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 16 January 2009 - 01:27 PM

AV: AVG Internet Security *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Updated)


You have three antivirus in your computer.. This is not good at all.. Just use ONLY ONE antivirus for each computer.. Uninstall two of those three antivirus..


Run your DDS and post the log here.. How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 galvatron10000

galvatron10000
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ottawa
  • Local time:10:59 PM

Posted 16 January 2009 - 01:56 PM

when i try to unistall AVG i get an error:
Local machine: prepared for the installation
Installation:
Error: Uninstallation is not possible. Product not installed.

and i cannot find the bitdefender unistall even in the add/remove program


i have to say thank you very much for the time you put to help me with my problem

Edited by galvatron10000, 16 January 2009 - 02:33 PM.


#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 16 January 2009 - 02:35 PM

Run ComboFix once again for my final review.. How's the computer now?..

As for those antivirus.. You can try uninstall them using Revo Uninstaller.. Link below...

http://www.revouninstaller.com/revo_uninst...e_download.html

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users