Vundo removal issues


7 replies to this topic

#1 czamundi
  • Members
  • 5 posts
  • Gender:Male

Posted 22 January 2009 - 07:44 PM

My sister's friend infected my PC while I was at work...



To fix it I have run each twice in the following order, following all directions to remove or quarantine the "offenders":

Malwarebytes Anti-Malware
VundoFix.exe
a-squared Free

I think I didn't clean it all, because my PC is lagging a bit while playing DVDs and long video files from multiple sources online.
Specifically, the audio will lag behind the video, as if the system can't handle doing both right.

My PC profile:
Windows XP Professional Service Pack 3 (build 2600)
3.00 gigahertz Intel Pentium D, 16 kilobyte primary memory cache, 2048 kilobyte secondary memory cache
1TB of HDD space and 606GB free

Board: Foxconn P4M800P7MA Bus Clock: 200 megahertz BIOS: Phoenix Technologies, LTD 6.00 PG 03/18/2006

I ran dds.scr and the results are below and attached:


DDS (Ver_09-01-19.01) - NTFSx86
Run by cazmundi at 19:40:49.78 on Thu 01/22/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.502 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\FolderSize\FolderSizeSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\svchost.exe -k hpdevmgmt
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Veoh Networks\Veoh\VeohClient.exe
F:\Program Files\RocketDock\RocketDock.exe
F:\Program Files\DNA\btdna.exe
F:\Documents and Settings\cazmundi\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
F:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
F:\PROGRA~1\Ashampoo\ASHAMP~4\AMO_TA~1.EXE
F:\Program Files\WinTV\Ir.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\a-squared Free\a2service.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\cazmundi\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - f:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - f:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - f:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - f:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - f:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - f:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Veoh] "f:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [RocketDock] "f:\program files\rocketdock\RocketDock.exe"
uRun: [BitTorrent DNA] "f:\program files\dna\btdna.exe"
uRun: [SansaDispatch] f:\documents and settings\cazmundi\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [VeohPlugin] "f:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Ashampoo Magical Optimizer Taskplaner] "f:\progra~1\ashampoo\ashamp~4\AMO_TA~1.EXE" -TRAY
mRun: [HPHUPD08] f:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATICCC] "f:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Acrobat Assistant 7.0] "f:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "f:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVG8_TRAY] f:\progra~1\avg\avg8\avgtray.exe
mRun: [IntelliPoint] "f:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - f:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - f:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - f:\program files\wintv\Ir.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - f:\program files\common files\nikon\monitor\NkMonitor.exe
IE: Convert link target to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - f:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - f:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - f:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll yobbtp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 f:\windows\system32\hgGvwwWm

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\cazmundi\applic~1\mozilla\firefox\profiles\8psc2coj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: f:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: f:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: f:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: f:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: f:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: XUL Cache: {A9E84FAB-721F-49AE-83F4-7B7A55C36676} - f:\documents and settings\cazmundi\local settings\application data\{a9e84fab-721f-49ae-83f4-7b7a55c36676}\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2008-11-21 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;f:\windows\system32\drivers\avgmfx86.sys [2008-11-21 26824]
R3 aliroothub;USB 2.0 Root Hub;f:\windows\system32\drivers\AliRtHub.sys [2008-10-30 5325]
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;f:\windows\system32\drivers\HCWUSB2AV.sys [2008-10-30 150784]
R3 tap0801;TAP-Win32 Adapter V8;f:\windows\system32\drivers\tap0801.sys [2006-10-1 23552]
R4 a2free;a-squared Free Service;f:\program files\a-squared free\a2service.exe [2009-1-22 419448]
R4 ALIEHCD;ALi PCI to USB Enhanced Host Controller;f:\windows\system32\drivers\AliEhci.sys [2008-10-30 112835]
R4 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\avg\avg8\avgemc.exe [2008-11-21 875288]
R4 avg8wd;AVG Free8 WatchDog;f:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-21 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [2008-11-21 76040]
S3 aligp;USB Composite Device;f:\windows\system32\drivers\AliGP.sys [2008-10-30 8656]
S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;f:\progra~1\wintv\HCWTVS~1.EXE [2008-12-9 815104]
S3 s3chipid;s3chipid;\??\f:\docume~1\cazmundi\locals~1\temp\s3chipid.sys --> f:\docume~1\cazmundi\locals~1\temp\s3chipid.sys [?]
S4 Mrxddeerksmw;Mrxddeerksmw; [x]

=============== Created Last 30 ================

2009-01-22 19:34 3,840 a------- f:\windows\system32\drivers\BANTExt.sys
2009-01-22 19:34 <DIR> --d----- f:\program files\Belarc
2009-01-22 18:15 <DIR> --d----- f:\program files\Runtime Software
2009-01-22 17:59 <DIR> --d----- f:\program files\a-squared Free
2009-01-21 12:24 <DIR> --d----- F:\VundoFix Backups
2009-01-21 01:25 250 a------- f:\windows\gmer.ini
2009-01-21 01:23 <DIR> --d----- f:\program files\trend micro
2009-01-20 21:45 <DIR> --d----- f:\docume~1\alluse~1\applic~1\SRSLabs
2009-01-20 20:54 <DIR> --d----- f:\docume~1\cazmundi\applic~1\cogad
2009-01-20 20:46 1,432,143 ---sh--- f:\windows\system32\rqqrubug.ini
2009-01-20 20:45 2,204 a------- f:\windows\ddzgvsse
2009-01-20 20:34 <DIR> --d----- f:\program files\SRSLabs
2009-01-20 20:34 <DIR> --d----- f:\program files\common files\SRS
2009-01-20 18:46 <DIR> --d----- f:\program files\common files\HP
2009-01-20 18:45 <DIR> --d----- f:\program files\common files\Hewlett-Packard
2009-01-20 18:43 117,760 a------- f:\windows\system32\hpzll4xl.dll
2009-01-20 18:43 675,840 a----r-- f:\windows\system32\hpowiax4.dll
2009-01-20 18:43 569,344 a----r-- f:\windows\system32\hpotscl4.dll
2009-01-20 18:43 364,544 a----r-- f:\windows\system32\hppldcoi.dll
2009-01-20 18:43 309,760 a----r-- f:\windows\system32\difxapi.dll
2009-01-20 18:43 294,912 a----r-- f:\windows\system32\hpovst11.dll
2009-01-20 18:43 <DIR> --d----- f:\windows\zhenghe2
2009-01-20 18:41 144,617 a------- f:\windows\hpwins16.dat
2009-01-18 15:56 <DIR> --d----- f:\program files\K-Lite Codec Pack
2009-01-18 15:14 <DIR> --d----- f:\docume~1\cazmundi\applic~1\Thinstall
2009-01-12 18:46 169 a------- f:\windows\RtlRack.ini
2009-01-11 23:13 17,801 a------- f:\windows\system32\drivers\AegisP.sys
2009-01-11 23:13 94,208 a------- f:\windows\system32\GTW32N50.dll
2009-01-11 23:13 31,930 a------- f:\windows\system32\GTNDIS3.VXD
2009-01-11 23:13 17,992 a------- f:\windows\system32\bcm42rly.sys
2009-01-11 23:13 15,872 a------- f:\windows\system32\GTNDIS5.sys
2009-01-11 23:13 <DIR> --d----- f:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster
2009-01-11 23:11 608 a------- f:\windows\system32\WLAN.INI
2009-01-07 20:17 60,032 ac------ f:\windows\system32\dllcache\usbaudio.sys
2009-01-07 20:17 60,032 a------- f:\windows\system32\drivers\USBAUDIO.sys
2009-01-07 01:38 <DIR> --d----- f:\docume~1\cazmundi\applic~1\aAvgApi
2009-01-03 15:31 <DIR> --d----- f:\docume~1\alluse~1\applic~1\2DBoy
2009-01-03 15:31 <DIR> --d----- f:\program files\World of Goo
2008-12-31 16:08 54,156 a---h--- f:\windows\QTFont.qfn
2008-12-31 16:08 1,409 a------- f:\windows\QTFont.for
2008-12-31 12:56 <DIR> --d----- f:\docume~1\cazmundi\applic~1\SanDisk

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- f:\windows\system32\drivers\mbam.sys
2009-01-06 13:04 20 ----h--- f:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2008-12-17 12:13 410,984 a------- f:\windows\system32\deploytk.dll
2008-12-16 17:20 18,728 a------- f:\docume~1\cazmundi\applic~1\GDIPFONTCACHEV1.DAT
2008-11-21 14:32 10,520 a------- f:\windows\system32\avgrsstx.dll
2008-11-13 21:38 79,684 a------- f:\windows\HPHins08.dat
2008-10-31 20:28 737,280 a------- f:\windows\iun6002.exe
2008-10-31 01:44 86,327 a------- f:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-30 00:17 87,608 a------- f:\docume~1\cazmundi\applic~1\inst.exe
2008-10-30 00:17 47,360 a------- f:\docume~1\cazmundi\applic~1\pcouffin.sys
2008-10-29 22:40 21,640 a------- f:\windows\system32\emptyregdb.dat

============= FINISH: 19:40:59.68 ===============

Edited by czamundi, 22 January 2009 - 07:45 PM.
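The DDS log in this post is where a helper looks first for what the three scanners left behind: the second module in the AppInit_DLLs value, the second entry in the LSA Authentication Packages value, the S4 service whose image is marked `[x]`, and the hidden+system .ini file created in system32 are the lines that stand out. As an added example (not the thread's code and not part of the DDS or ComboFix tools), the Python script below parses lines in the DDS format, plus the REGEDIT4 form in which ComboFix prints AppInit_DLLs, and flags those load points. The known-good allowlists are assumptions for a Windows XP machine with AVG 8, and the sample lines are constructed from the log shown above.

```python
"""Triage helper for DDS / ComboFix log lines (added example, not from the
thread, BleepingComputer, or the DDS and ComboFix tools themselves).

It reads lines in the format shown in the thread and flags the load points
that most often carry leftover Vundo-family components after a partial
clean-up: extra AppInit_DLLs entries, extra LSA authentication packages,
service entries whose image is gone, and hidden+system files in system32.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Baselines are assumptions for this example (Windows XP SP3 with AVG 8):
# tune them to the machine under review; they are not an authoritative list.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}   # AVG 8 resident-shield hook
KNOWN_LSA_PACKAGES = {"msv1_0"}         # default XP authentication package

# AppInit_DLLs as DDS prints it ("AppInit_DLLs: a.dll b.dll") and as ComboFix
# prints it in REGEDIT4 form ("AppInit_DLLs"=b.dll).
APPINIT_RE = re.compile(r'^(?:AppInit_DLLs:\s*|"AppInit_DLLs"=)(?P<value>.*)$')
LSA_RE = re.compile(r'^LSA: Authentication Packages = (?P<value>.*)$')
# Service/driver line whose image is missing: "S4 name;display; [x]"
SERVICE_MISSING_RE = re.compile(r'^[RS]\d+ (?P<name>[^;]+);[^;]*;\s*\[x\]\s*$')
# "Created Last 30" file line: date time size attr path; attr columns are
# a(rchive) c(ompressed) d(irectory) s(ystem) h(idden) r(ead-only) . .
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (?P<attr>[a-z-]{8}) (?P<path>.+)$')


@dataclass
class Finding:
    line: str
    reason: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per suspicious load point found in the log lines."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            for dll in m.group("value").split():
                if dll.lower() not in KNOWN_APPINIT_DLLS:
                    findings.append(Finding(line, f"AppInit_DLLs loads unrecognised "
                                            f"module {dll} into every process that maps user32.dll"))
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group("value").split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(Finding(line, f"non-default LSA authentication "
                                            f"package {pkg}; lsass loads it at boot"))
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:
            findings.append(Finding(line, f"service {m.group('name')} has no image on "
                                    "disk (orphaned entry, typical after partial removal)"))
            continue
        m = FILE_RE.match(line)
        if m and m.group("attr")[3] == "s" and m.group("attr")[4] == "h" \
                and "\\system32\\" in m.group("path").lower():
            findings.append(Finding(line, "hidden+system file created in system32; "
                                    "Vundo variants drop randomly named .ini/.dll pairs there"))
    return findings


# Constructed sample: lines copied from the DDS and ComboFix logs in this
# thread, plus two benign lines to show what is *not* flagged.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
AppInit_DLLs: avgrsstx.dll yobbtp.dll
LSA: Authentication Packages = msv1_0 f:\windows\system32\hgGvwwWm
R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2008-11-21 97928]
S4 Mrxddeerksmw;Mrxddeerksmw; [x]
2009-01-20 20:46 1,432,143 ---sh--- f:\windows\system32\rqqrubug.ini
2009-01-20 18:43 117,760 a------- f:\windows\system32\hpzll4xl.dll
"AppInit_DLLs"=yobbtp.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it reports five findings: `yobbtp.dll` twice (once from the DDS line, once from the ComboFix line), the extra LSA package, the orphaned `Mrxddeerksmw` service and the hidden `rqqrubug.ini`. The allowlist approach is deliberate: random-looking names are not a reliable signal on their own (legitimate `avgrsstx.dll` looks just as random), whereas an unexpected entry in AppInit_DLLs or Authentication Packages is worth a look on any machine.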



#2 Thunder
  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 26 January 2009 - 09:53 AM

Hello Czamundi and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 czamundi
  • Topic Starter

  • Members
  • 5 posts
  • Gender:Male

Posted 26 January 2009 - 05:06 PM

Goored Log:

GooredFix v1.83 by jpshortstuff
Log created at 16:28 on 26/01/2009 running Option #2 (cazmundi)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="F:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="F:\Program Files\Mozilla Firefox\components"


--- END OF GOORED LOG ---

Then ran ComboFix, followed all directions.

ComboFix Log:

ComboFix 09-01-21.04 - cazmundi 2009-01-26 16:36:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.749 [GMT -5:00]
Running from: f:\documents and settings\cazmundi\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\cazmundi\Application Data\inst.exe
f:\documents and settings\cazmundi\Local Settings\Temporary Internet Files\fbk.sts
f:\windows\system32\drivers\seneka.sys
f:\windows\system32\drivers\senekamkjgutep.sys
f:\windows\system32\hpowiax4.dll
f:\windows\system32\rqqrubug.ini
f:\windows\system32\senekaeuyavjdh.dat
f:\windows\system32\senekakkduevji.dll
f:\windows\system32\senekampkkfhdk.dll
f:\windows\system32\senekaxjsaommt.dat
f:\windows\Tasks\rtiwmdjh.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.

2009-01-22 19:34 . 2009-01-22 19:34 <DIR> d-------- f:\program files\Belarc
2009-01-22 19:34 . 2008-02-27 12:49 3,840 --a------ f:\windows\system32\drivers\BANTExt.sys
2009-01-22 18:15 . 2009-01-22 18:15 <DIR> d-------- f:\program files\Runtime Software
2009-01-22 17:59 . 2009-01-23 23:46 <DIR> d-------- f:\program files\a-squared Free
2009-01-21 12:24 . 2009-01-21 12:24 <DIR> d-------- F:\VundoFix Backups
2009-01-21 01:25 . 2009-01-21 01:25 250 --a------ f:\windows\gmer.ini
2009-01-21 01:23 . 2009-01-21 01:28 <DIR> d-------- F:\rsit
2009-01-21 01:23 . 2009-01-21 16:17 <DIR> d-------- f:\program files\trend micro
2009-01-20 21:45 . 2009-01-20 21:45 <DIR> d-------- f:\documents and settings\All Users\Application Data\SRSLabs
2009-01-20 20:54 . 2009-01-21 00:48 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\cogad
2009-01-20 20:45 . 2009-01-21 02:22 2,204 --a------ f:\windows\ddzgvsse
2009-01-20 20:34 . 2009-01-20 20:34 <DIR> d-------- f:\program files\SRSLabs
2009-01-20 20:34 . 2009-01-20 20:34 <DIR> d-------- f:\program files\Common Files\SRS
2009-01-20 18:49 . 2009-01-20 18:49 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\HPAppData
2009-01-20 18:46 . 2009-01-20 18:46 <DIR> d-------- f:\program files\Common Files\HP
2009-01-20 18:45 . 2009-01-20 18:45 <DIR> d-------- f:\program files\Common Files\Hewlett-Packard
2009-01-20 18:44 . 2009-01-20 18:44 <DIR> d-------- f:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-20 18:43 . 2009-01-20 18:43 <DIR> d-------- f:\windows\zhenghe2
2009-01-20 18:43 . 2007-10-25 10:38 569,344 -ra------ f:\windows\system32\hpotscl4.dll
2009-01-20 18:43 . 2007-10-25 10:38 364,544 -ra------ f:\windows\system32\hppldcoi.dll
2009-01-20 18:43 . 2007-10-25 10:38 309,760 -ra------ f:\windows\system32\difxapi.dll
2009-01-20 18:43 . 2007-10-25 10:38 294,912 -ra------ f:\windows\system32\hpovst11.dll
2009-01-20 18:43 . 2007-10-29 17:14 117,760 --a------ f:\windows\system32\hpzll4xl.dll
2009-01-20 18:41 . 2009-01-20 19:01 144,617 --a------ f:\windows\hpwins16.dat
2009-01-18 15:56 . 2009-01-18 15:56 <DIR> d-------- f:\program files\K-Lite Codec Pack
2009-01-18 15:14 . 2009-01-18 15:14 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\Thinstall
2009-01-12 18:46 . 2009-01-12 18:46 169 --a------ f:\windows\RtlRack.ini
2009-01-11 23:13 . 2009-01-11 23:13 <DIR> d-------- f:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster
2009-01-11 23:13 . 2003-10-13 15:30 94,208 --a------ f:\windows\system32\GTW32N50.dll
2009-01-11 23:13 . 2003-09-25 23:28 31,930 --a------ f:\windows\system32\GTNDIS3.VXD
2009-01-11 23:13 . 2005-02-01 18:18 17,992 --a------ f:\windows\system32\bcm42rly.sys
2009-01-11 23:13 . 2009-01-11 23:13 17,801 --a------ f:\windows\system32\drivers\AegisP.sys
2009-01-11 23:13 . 2003-09-25 22:15 15,872 --a------ f:\windows\system32\GTNDIS5.sys
2009-01-11 23:11 . 2009-01-11 23:11 608 --a------ f:\windows\system32\WLAN.INI
2009-01-07 20:17 . 2008-04-14 00:15 60,032 --a------ f:\windows\system32\drivers\USBAUDIO.sys
2009-01-07 20:17 . 2008-04-14 00:15 60,032 --a--c--- f:\windows\system32\dllcache\usbaudio.sys
2009-01-07 01:38 . 2009-01-07 01:38 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\aAvgApi
2009-01-06 01:44 . 2009-01-06 01:44 <DIR> d-------- f:\documents and settings\All Users\Application Data\Macrovision
2009-01-03 15:31 . 2009-01-03 15:31 <DIR> d-------- f:\program files\World of Goo
2009-01-03 15:31 . 2009-01-03 15:31 <DIR> d-------- f:\documents and settings\All Users\Application Data\2DBoy
2008-12-31 16:08 . 2009-01-25 21:07 54,156 --ah----- f:\windows\QTFont.qfn
2008-12-31 16:08 . 2008-12-31 16:08 1,409 --a------ f:\windows\QTFont.for
2008-12-31 12:56 . 2008-12-31 12:56 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\SanDisk
2008-12-26 16:16 . 2009-01-05 16:52 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 21:42 --------- d-----w f:\program files\DNA
2009-01-26 21:42 --------- d-----w f:\documents and settings\cazmundi\Application Data\DNA
2009-01-26 21:20 --------- d-----w f:\documents and settings\All Users\Application Data\avg8
2009-01-26 04:31 --------- d-----w f:\documents and settings\All Users\Application Data\Google Updater
2009-01-26 04:01 --------- d-----w f:\program files\Combined Community Codec Pack
2009-01-21 06:29 --------- d-----w f:\program files\Malwarebytes' Anti-Malware
2009-01-20 23:49 --------- d-----w f:\program files\HP
2009-01-20 01:35 --------- d-----w f:\program files\WinTV
2009-01-19 23:07 --------- d-----w f:\program files\Animated GIF producer 3.3 TRIAL
2009-01-19 23:06 --------- d-----w f:\documents and settings\cazmundi\Application Data\BitTorrent
2009-01-19 22:48 --------- d-----w f:\program files\Ashampoo
2009-01-18 20:36 --------- d-----w f:\program files\DivX
2009-01-14 21:11 38,496 ----a-w f:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w f:\windows\system32\drivers\mbam.sys
2009-01-13 06:43 --------- d-----w f:\documents and settings\cazmundi\Application Data\Vso
2009-01-12 04:13 --------- d--h--w f:\program files\InstallShield Installation Information
2009-01-08 01:20 --------- d-----w f:\program files\DVDFab Platinum 4
2009-01-07 06:38 --------- d-----w f:\program files\Veoh Networks
2009-01-06 18:04 20 ---h--w f:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-06 06:43 --------- d-----w f:\program files\Common Files\Adobe
2008-12-29 02:50 --------- d-----w f:\program files\OpenVPN
2008-12-24 00:30 --------- d-----w f:\program files\RocketDock
2008-12-23 21:48 --------- d-----w f:\documents and settings\cazmundi\Application Data\Ashampoo
2008-12-17 17:13 410,984 ----a-w f:\windows\system32\deploytk.dll
2008-12-17 17:13 --------- d-----w f:\program files\Java
2008-12-16 22:20 18,728 ----a-w f:\documents and settings\cazmundi\Application Data\GDIPFONTCACHEV1.DAT
2008-12-10 04:14 --------- d-----w f:\program files\nanoPEG for WinTV
2008-12-10 04:14 --------- d-----w f:\program files\Common Files\IviSDK
2008-12-04 23:35 --------- d-----w f:\documents and settings\cazmundi\Application Data\ArcSoft
2008-12-04 13:38 --------- d-----w f:\program files\Common Files\Nikon
2008-12-04 13:38 --------- d-----w f:\documents and settings\cazmundi\Application Data\Nikon
2008-12-03 01:20 --------- d-----w f:\program files\BitTorrent
2008-12-02 18:36 --------- d-----w f:\program files\Common Files\muvee Technologies
2008-12-02 18:36 --------- d-----w f:\documents and settings\All Users\Application Data\Nikon
2008-12-02 18:35 --------- d-----w f:\program files\Nikon
2008-12-02 18:35 --------- d-----w f:\documents and settings\All Users\Application Data\Ultima_T15
2008-12-02 18:35 --------- d-----w f:\documents and settings\All Users\Application Data\Limiter
2008-12-02 18:35 --------- d-----w f:\documents and settings\All Users\Application Data\EnterNHelp
2008-12-02 18:34 --------- d-----w f:\program files\ArcSoft
2008-12-02 16:28 --------- d-----w f:\program files\DIFX
2008-12-02 16:27 --------- d-----w f:\program files\Mars
2008-11-30 03:51 --------- d-----w f:\program files\7-Zip
2008-11-01 01:28 737,280 ----a-w f:\windows\iun6002.exe
2008-10-30 05:17 47,360 ----a-w f:\documents and settings\cazmundi\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="f:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"RocketDock"="f:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BitTorrent DNA"="f:\program files\DNA\btdna.exe" [2008-12-18 342848]
"SansaDispatch"="f:\documents and settings\cazmundi\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-12-31 79872]
"VeohPlugin"="f:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"Ashampoo Magical Optimizer Taskplaner"="f:\progra~1\Ashampoo\ASHAMP~4\AMO_TA~1.EXE" [2007-02-08 1266872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="f:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2006-07-11 49152]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-08-18 49152]
"ATICCC"="f:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Acrobat Assistant 7.0"="f:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"IntelliPoint"="f:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 f:\windows\SOUNDMAN.EXE]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - f:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-10-30 25214]
Adobe Gamma Loader.lnk - f:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]
AutoStart IR.lnk - f:\program files\WinTV\Ir.exe [2008-12-09 106551]
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nikon Monitor.lnk - f:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yobbtp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= f:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R3 aliroothub;USB 2.0 Root Hub;f:\windows\system32\drivers\AliRtHub.sys [2008-10-30 5325]
R3 tap0801;TAP-Win32 Adapter V8;f:\windows\system32\drivers\tap0801.sys [2006-10-01 23552]
R4 ALIEHCD;ALi PCI to USB Enhanced Host Controller;f:\windows\system32\drivers\AliEhci.sys [2008-10-30 112835]
S3 aligp;USB Composite Device;f:\windows\system32\drivers\AliGP.sys [2008-10-30 8656]
S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;f:\progra~1\WinTV\HCWTVS~1.EXE [2008-12-09 815104]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;f:\windows\system32\drivers\HCWUSB2AV.sys [2008-10-30 150784]
S3 s3chipid;s3chipid;\??\f:\docume~1\cazmundi\LOCALS~1\Temp\s3chipid.sys --> f:\docume~1\cazmundi\LOCALS~1\Temp\s3chipid.sys [?]
S4 Mrxddeerksmw;Mrxddeerksmw; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370ef709-d154-11dd-9bae-00155876c1c1}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\cazmundi\Application Data\Mozilla\Firefox\Profiles\8psc2coj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: f:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: f:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: f:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: f:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: f:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 16:40:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
f:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\ati2evxx.exe
f:\windows\system32\ati2evxx.exe
f:\program files\a-squared Free\a2service.exe
f:\program files\FolderSize\FolderSizeSvc.exe
f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
f:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2009-01-26 16:45:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-26 21:45:55

Pre-Run: 85,180,116,992 bytes free
Post-Run: 85,690,937,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(3)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(3)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

237


______-------END OF COMBO FIX LOG------______



BOTH LOGS ARE ATTACHED ALSO!!!

I want to say thanks for the help!! :thumbup2:


#4 Thunder
  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 26 January 2009 - 05:22 PM

Hello Czamundi,

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
f:\windows\ddzgvsse
Folder::
f:\documents and settings\cazmundi\Application Data\cogad
Driver::
Mrxddeerksmw
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh DDS log.

Still having problems?

Greetings,
Thunder
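The entries Thunder's CFScript goes after (a populated AppInit_DLLs value, a service with no binary behind it) are exactly the lines a responder scans a DDS log for first. As an added example, not part of this thread nor of DDS or ComboFix, here is a small Python triage script that flags those patterns in a DDS-style log; the sample log and the function names are constructed for this example, modelled on the lines posted above.

```python
"""Triage a DDS-style log for the patterns a malware-removal helper looks for.

Added example for this thread; it is not part of DDS, ComboFix or the posts.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yobbtp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 tap0801;TAP-Win32 Adapter V8;f:\windows\system32\drivers\tap0801.sys [2006-10-01 23552]
S0 xspsqqcu;xspsqqcu;f:\windows\system32\drivers\twdsgjpj.sys []
S3 s3chipid;s3chipid;\??\f:\docume~1\cazmundi\LOCALS~1\Temp\s3chipid.sys --> f:\docume~1\cazmundi\LOCALS~1\Temp\s3chipid.sys [?]
S4 Mrxddeerksmw;Mrxddeerksmw; [x]
""".strip()

# DDS service/driver line: "<start type> <name>;<description>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.*)$')


@dataclass
class Finding:
    line_no: int
    category: str
    detail: str


def _check_value(n, key, name, value):
    """Registry values that weaken the host; returns a Finding or None."""
    lname = name.lower()
    if lname == 'appinit_dlls' and value not in ('', '""'):
        # Every process that loads user32.dll also loads this DLL.
        return Finding(n, 'appinit', f'AppInit_DLLs loads {value} into every GUI process')
    if lname == 'antivirusoverride' and value.lower() == 'dword:00000001':
        return Finding(n, 'security_center', 'Security Center told to suppress AV warnings')
    if lname == 'enablefirewall' and 'firewallpolicy' in key and value.split()[:1] == ['0']:
        return Finding(n, 'firewall', 'Windows Firewall disabled for this profile')
    return None


def _check_service(n, start, name, desc, rest):
    """Service/driver entries whose image path does not look like a normal install."""
    reasons = []
    if rest.endswith('[x]'):
        reasons.append('binary missing on disk')        # entry survived, file is gone
    elif rest.endswith('[?]'):
        reasons.append('binary could not be verified')
    elif rest.endswith('[]'):
        reasons.append('no size/timestamp recorded')
    if '\\temp\\' in rest.lower():
        reasons.append('loads from a Temp directory')
    if reasons and name == desc:
        reasons.append('description merely repeats the service name')
    if not reasons:
        return None
    return Finding(n, 'service', f'{start} {name}: ' + '; '.join(reasons))


def triage(log_text):
    """Return the suspicious lines of a DDS-style log, in log order."""
    findings = []
    key = ''
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()          # remember the enclosing registry key
            continue
        if line.startswith('"') and '"=' in line:
            name, _, value = line[1:].partition('"=')
            f = _check_value(n, key, name, value.strip())
        else:
            m = SERVICE_RE.match(line)
            f = _check_service(n, *m.groups()) if m else None
        if f:
            findings.append(f)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'line {f.line_no:3d} [{f.category}] {f.detail}')
```

The clean tap0801 driver line passes through untouched; only the entries with a missing, unverifiable or Temp-resident image, or the weakened firewall and Security Center values, are reported.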

#5 czamundi
  • Topic Starter
  • Members
  • 5 posts
  • Gender:Male

Posted 26 January 2009 - 10:05 PM

I got attacked again somehow while reading email before I could read your more recent post...

Then I ran Malwarebytes and a-squared until they came up clean under full scan (2 times... clean the second time). Then I ran vundofix.exe and it was clean on the first try (I got the copy I have from this forum, and then I followed your instructions).

DDS and ComboFix logs posted and attached as per the instructions.


============== DDS Log ===============

DDS (Ver_09-01-19.01) - NTFSx86
Run by cazmundi at 21:14:52.90 on 2009-01-26
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.522 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\a-squared Free\a2service.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\FolderSize\FolderSizeSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\svchost.exe -k hpdevmgmt
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Veoh Networks\Veoh\VeohClient.exe
F:\Program Files\RocketDock\RocketDock.exe
F:\Program Files\DNA\btdna.exe
F:\Documents and Settings\cazmundi\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
F:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
F:\PROGRA~1\Ashampoo\ASHAMP~4\AMO_TA~1.EXE
F:\Program Files\WinTV\Ir.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\AVG\AVG8\avgtray.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\cazmundi\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - f:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - f:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - f:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - f:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Veoh] "f:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [RocketDock] "f:\program files\rocketdock\RocketDock.exe"
uRun: [BitTorrent DNA] "f:\program files\dna\btdna.exe"
uRun: [SansaDispatch] f:\documents and settings\cazmundi\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [VeohPlugin] "f:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Ashampoo Magical Optimizer Taskplaner] "f:\progra~1\ashampoo\ashamp~4\AMO_TA~1.EXE" -TRAY
mRun: [HPHUPD08] f:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATICCC] "f:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Acrobat Assistant 7.0] "f:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "f:\program files\unlocker\UnlockerAssistant.exe"
mRun: [IntelliPoint] "f:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG8_TRAY] f:\progra~1\avg\avg8\avgtray.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - f:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - f:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - f:\program files\wintv\Ir.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - f:\program files\common files\nikon\monitor\NkMonitor.exe
IE: Convert link target to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - f:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - f:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - f:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\cazmundi\applic~1\mozilla\firefox\profiles\8psc2coj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: f:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: f:\program files\mozilla firefox\components\srff.dll
FF - plugin: f:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: f:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: f:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: f:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: f:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2009-1-26 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;f:\windows\system32\drivers\avgmfx86.sys [2009-1-26 26824]
R3 aliroothub;USB 2.0 Root Hub;f:\windows\system32\drivers\AliRtHub.sys [2008-10-30 5325]
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;f:\windows\system32\drivers\HCWUSB2AV.sys [2008-10-30 150784]
R3 tap0801;TAP-Win32 Adapter V8;f:\windows\system32\drivers\tap0801.sys [2006-10-1 23552]
R4 a2free;a-squared Free Service;f:\program files\a-squared free\a2service.exe [2009-1-22 419448]
R4 ALIEHCD;ALi PCI to USB Enhanced Host Controller;f:\windows\system32\drivers\AliEhci.sys [2008-10-30 112835]
R4 avg8wd;AVG Free8 WatchDog;f:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-26 231704]
S0 xspsqqcu;xspsqqcu;f:\windows\system32\drivers\twdsgjpj.sys []
S3 aligp;USB Composite Device;f:\windows\system32\drivers\AliGP.sys [2008-10-30 8656]
S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;f:\progra~1\wintv\HCWTVS~1.EXE [2008-12-9 815104]
S3 s3chipid;s3chipid;\??\f:\docume~1\cazmundi\locals~1\temp\s3chipid.sys --> f:\docume~1\cazmundi\locals~1\temp\s3chipid.sys [?]
S4 Mrxddeerksmw;Mrxddeerksmw; [x]

=============== Created Last 30 ================

2009-01-26 20:24 389,120 a------- f:\windows\system32\CF23730.exe
2009-01-26 20:24 <DIR> --d----- F:\ComboFix
2009-01-26 19:52 389,120 a------- f:\windows\system32\CF17453.exe
2009-01-26 19:52 389,120 a------- f:\windows\system32\CF17450.exe
2009-01-26 19:33 <DIR> --d----- f:\docume~1\cazmundi\applic~1\Twain
2009-01-26 19:30 10,520 a------- f:\windows\system32\avgrsstx.dll
2009-01-26 19:30 97,928 a------- f:\windows\system32\drivers\avgldx86.sys
2009-01-26 19:30 <DIR> --d----- f:\windows\system32\drivers\Avg
2009-01-26 19:28 <DIR> --d----- f:\program files\WebShow
2009-01-26 19:23 <DIR> --d----- f:\docume~1\cazmundi\applic~1\cogad
2009-01-26 19:13 1,104 a------- f:\windows\xspsqqcu
2009-01-26 16:29 161,792 a------- f:\windows\SWREG.exe
2009-01-26 16:29 98,816 a------- f:\windows\sed.exe
2009-01-22 19:34 3,840 a------- f:\windows\system32\drivers\BANTExt.sys
2009-01-22 19:34 <DIR> --d----- f:\program files\Belarc
2009-01-22 18:15 <DIR> --d----- f:\program files\Runtime Software
2009-01-22 17:59 <DIR> --d----- f:\program files\a-squared Free
2009-01-21 12:24 <DIR> --d----- F:\VundoFix Backups
2009-01-21 01:25 250 a------- f:\windows\gmer.ini
2009-01-21 01:23 <DIR> --d----- f:\program files\trend micro
2009-01-20 21:45 <DIR> --d----- f:\docume~1\alluse~1\applic~1\SRSLabs
2009-01-20 20:45 2,204 a------- f:\windows\ddzgvsse
2009-01-20 20:34 <DIR> --d----- f:\program files\SRSLabs
2009-01-20 20:34 <DIR> --d----- f:\program files\common files\SRS
2009-01-20 18:46 <DIR> --d----- f:\program files\common files\HP
2009-01-20 18:45 <DIR> --d----- f:\program files\common files\Hewlett-Packard
2009-01-20 18:43 117,760 a------- f:\windows\system32\hpzll4xl.dll
2009-01-20 18:43 569,344 a----r-- f:\windows\system32\hpotscl4.dll
2009-01-20 18:43 364,544 a----r-- f:\windows\system32\hppldcoi.dll
2009-01-20 18:43 309,760 a----r-- f:\windows\system32\difxapi.dll
2009-01-20 18:43 294,912 a----r-- f:\windows\system32\hpovst11.dll
2009-01-20 18:43 <DIR> --d----- f:\windows\zhenghe2
2009-01-20 18:41 144,617 a------- f:\windows\hpwins16.dat
2009-01-18 15:56 <DIR> --d----- f:\program files\K-Lite Codec Pack
2009-01-18 15:14 <DIR> --d----- f:\docume~1\cazmundi\applic~1\Thinstall
2009-01-12 18:46 169 a------- f:\windows\RtlRack.ini
2009-01-11 23:13 17,801 a------- f:\windows\system32\drivers\AegisP.sys
2009-01-11 23:13 94,208 a------- f:\windows\system32\GTW32N50.dll
2009-01-11 23:13 31,930 a------- f:\windows\system32\GTNDIS3.VXD
2009-01-11 23:13 17,992 a------- f:\windows\system32\bcm42rly.sys
2009-01-11 23:13 15,872 a------- f:\windows\system32\GTNDIS5.sys
2009-01-11 23:13 <DIR> --d----- f:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster
2009-01-11 23:11 608 a------- f:\windows\system32\WLAN.INI
2009-01-07 20:17 60,032 ac------ f:\windows\system32\dllcache\usbaudio.sys
2009-01-07 20:17 60,032 a------- f:\windows\system32\drivers\USBAUDIO.sys
2009-01-07 01:38 <DIR> --d----- f:\docume~1\cazmundi\applic~1\aAvgApi
2009-01-03 15:31 <DIR> --d----- f:\docume~1\alluse~1\applic~1\2DBoy
2009-01-03 15:31 <DIR> --d----- f:\program files\World of Goo
2008-12-31 16:08 54,156 a---h--- f:\windows\QTFont.qfn
2008-12-31 16:08 1,409 a------- f:\windows\QTFont.for
2008-12-31 12:56 <DIR> --d----- f:\docume~1\cazmundi\applic~1\SanDisk

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- f:\windows\system32\drivers\mbam.sys
2009-01-06 13:04 20 ----h--- f:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2008-12-17 12:13 410,984 a------- f:\windows\system32\deploytk.dll
2008-12-16 17:20 18,728 a------- f:\docume~1\cazmundi\applic~1\GDIPFONTCACHEV1.DAT
2008-11-13 21:38 79,684 a------- f:\windows\HPHins08.dat
2008-10-31 20:28 737,280 a------- f:\windows\iun6002.exe
2008-10-31 01:44 86,327 a------- f:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-30 00:17 47,360 a------- f:\docume~1\cazmundi\applic~1\pcouffin.sys
2008-10-29 22:40 21,640 a------- f:\windows\system32\emptyregdb.dat

============= FINISH: 21:15:05.29 ==========================================



<<<<<<<<<<<<<<<<<<<<+++ ComboFix ++++++>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ComboFix 09-01-21.04 - cazmundi 2009-01-26 21:20:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.690 [GMT -5:00]
Running from: f:\documents and settings\cazmundi\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\cazmundi\Desktop\CFScript .txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

FILE ::
f:\windows\ddzgvsse
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\cazmundi\Application Data\cogad
f:\documents and settings\cazmundi\Local Settings\Temporary Internet Files\bestwiner.stt
f:\documents and settings\cazmundi\Local Settings\Temporary Internet Files\CPV.stt
f:\documents and settings\cazmundi\Local Settings\Temporary Internet Files\fbk.sts
f:\windows\ddzgvsse
f:\windows\system32\drivers\seneka.sys
f:\windows\system32\drivers\senekaunageyuo.sys
f:\windows\system32\senekaglyptdqs.dll
f:\windows\system32\senekamdtkpnee.dat
f:\windows\system32\senekammfikswm.dll
f:\windows\system32\senekauvsggide.dat
f:\windows\Tasks\qpubtbkn.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Service_Mrxddeerksmw


((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-26 19:33 . 2009-01-26 20:51 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\Twain
2009-01-26 19:30 . 2009-01-26 19:39 <DIR> d-------- f:\windows\system32\drivers\Avg
2009-01-26 19:30 . 2009-01-26 19:30 97,928 --a------ f:\windows\system32\drivers\avgldx86.sys
2009-01-26 19:30 . 2009-01-26 19:30 10,520 --a------ f:\windows\system32\avgrsstx.dll
2009-01-26 19:28 . 2009-01-26 20:51 <DIR> d-------- f:\program files\WebShow
2009-01-26 19:13 . 2009-01-26 21:22 1,104 --a------ f:\windows\xspsqqcu
2009-01-22 19:34 . 2009-01-22 19:34 <DIR> d-------- f:\program files\Belarc
2009-01-22 19:34 . 2008-02-27 12:49 3,840 --a------ f:\windows\system32\drivers\BANTExt.sys
2009-01-22 18:15 . 2009-01-22 18:15 <DIR> d-------- f:\program files\Runtime Software
2009-01-22 17:59 . 2009-01-26 20:22 <DIR> d-------- f:\program files\a-squared Free
2009-01-21 12:24 . 2009-01-21 12:24 <DIR> d-------- F:\VundoFix Backups
2009-01-21 01:25 . 2009-01-21 01:25 250 --a------ f:\windows\gmer.ini
2009-01-21 01:23 . 2009-01-21 01:28 <DIR> d-------- F:\rsit
2009-01-21 01:23 . 2009-01-21 16:17 <DIR> d-------- f:\program files\trend micro
2009-01-20 21:45 . 2009-01-20 21:45 <DIR> d-------- f:\documents and settings\All Users\Application Data\SRSLabs
2009-01-20 20:34 . 2009-01-20 20:34 <DIR> d-------- f:\program files\SRSLabs
2009-01-20 20:34 . 2009-01-20 20:34 <DIR> d-------- f:\program files\Common Files\SRS
2009-01-20 18:49 . 2009-01-20 18:49 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\HPAppData
2009-01-20 18:46 . 2009-01-20 18:46 <DIR> d-------- f:\program files\Common Files\HP
2009-01-20 18:45 . 2009-01-20 18:45 <DIR> d-------- f:\program files\Common Files\Hewlett-Packard
2009-01-20 18:44 . 2009-01-20 18:44 <DIR> d-------- f:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-20 18:43 . 2009-01-20 18:43 <DIR> d-------- f:\windows\zhenghe2
2009-01-20 18:43 . 2007-10-25 10:38 569,344 -ra------ f:\windows\system32\hpotscl4.dll
2009-01-20 18:43 . 2007-10-25 10:38 364,544 -ra------ f:\windows\system32\hppldcoi.dll
2009-01-20 18:43 . 2007-10-25 10:38 309,760 -ra------ f:\windows\system32\difxapi.dll
2009-01-20 18:43 . 2007-10-25 10:38 294,912 -ra------ f:\windows\system32\hpovst11.dll
2009-01-20 18:43 . 2007-10-29 17:14 117,760 --a------ f:\windows\system32\hpzll4xl.dll
2009-01-20 18:41 . 2009-01-20 19:01 144,617 --a------ f:\windows\hpwins16.dat
2009-01-18 15:56 . 2009-01-18 15:56 <DIR> d-------- f:\program files\K-Lite Codec Pack
2009-01-18 15:14 . 2009-01-18 15:14 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\Thinstall
2009-01-12 18:46 . 2009-01-12 18:46 169 --a------ f:\windows\RtlRack.ini
2009-01-11 23:13 . 2009-01-11 23:13 <DIR> d-------- f:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster
2009-01-11 23:13 . 2003-10-13 15:30 94,208 --a------ f:\windows\system32\GTW32N50.dll
2009-01-11 23:13 . 2003-09-25 23:28 31,930 --a------ f:\windows\system32\GTNDIS3.VXD
2009-01-11 23:13 . 2005-02-01 18:18 17,992 --a------ f:\windows\system32\bcm42rly.sys
2009-01-11 23:13 . 2009-01-11 23:13 17,801 --a------ f:\windows\system32\drivers\AegisP.sys
2009-01-11 23:13 . 2003-09-25 22:15 15,872 --a------ f:\windows\system32\GTNDIS5.sys
2009-01-11 23:11 . 2009-01-11 23:11 608 --a------ f:\windows\system32\WLAN.INI
2009-01-07 20:17 . 2008-04-14 00:15 60,032 --a------ f:\windows\system32\drivers\USBAUDIO.sys
2009-01-07 20:17 . 2008-04-14 00:15 60,032 --a--c--- f:\windows\system32\dllcache\usbaudio.sys
2009-01-07 01:38 . 2009-01-07 01:38 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\aAvgApi
2009-01-06 01:44 . 2009-01-06 01:44 <DIR> d-------- f:\documents and settings\All Users\Application Data\Macrovision
2009-01-03 15:31 . 2009-01-03 15:31 <DIR> d-------- f:\program files\World of Goo
2009-01-03 15:31 . 2009-01-03 15:31 <DIR> d-------- f:\documents and settings\All Users\Application Data\2DBoy
2008-12-31 16:08 . 2009-01-25 21:07 54,156 --ah----- f:\windows\QTFont.qfn
2008-12-31 16:08 . 2008-12-31 16:08 1,409 --a------ f:\windows\QTFont.for
2008-12-31 12:56 . 2008-12-31 12:56 <DIR> d-------- f:\documents and settings\cazmundi\Application Data\SanDisk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 02:35 --------- d-----w f:\program files\DNA
2009-01-27 02:35 --------- d-----w f:\documents and settings\cazmundi\Application Data\DNA
2009-01-27 00:30 --------- d-----w f:\documents and settings\All Users\Application Data\avg8
2009-01-26 04:31 --------- d-----w f:\documents and settings\All Users\Application Data\Google Updater
2009-01-26 04:01 --------- d-----w f:\program files\Combined Community Codec Pack
2009-01-21 06:29 --------- d-----w f:\program files\Malwarebytes' Anti-Malware
2009-01-20 23:49 --------- d-----w f:\program files\HP
2009-01-20 01:35 --------- d-----w f:\program files\WinTV
2009-01-19 23:07 --------- d-----w f:\program files\Animated GIF producer 3.3 TRIAL
2009-01-19 23:06 --------- d-----w f:\documents and settings\cazmundi\Application Data\BitTorrent
2009-01-19 22:48 --------- d-----w f:\program files\Ashampoo
2009-01-18 20:36 --------- d-----w f:\program files\DivX
2009-01-14 21:11 38,496 ----a-w f:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w f:\windows\system32\drivers\mbam.sys
2009-01-13 06:43 --------- d-----w f:\documents and settings\cazmundi\Application Data\Vso
2009-01-12 04:13 --------- d--h--w f:\program files\InstallShield Installation Information
2009-01-08 01:20 --------- d-----w f:\program files\DVDFab Platinum 4
2009-01-07 06:38 --------- d-----w f:\program files\Veoh Networks
2009-01-06 18:04 20 ---h--w f:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-06 06:43 --------- d-----w f:\program files\Common Files\Adobe
2009-01-05 21:52 --------- d-----w f:\documents and settings\cazmundi\Application Data\U3
2008-12-29 02:50 --------- d-----w f:\program files\OpenVPN
2008-12-24 00:30 --------- d-----w f:\program files\RocketDock
2008-12-23 21:48 --------- d-----w f:\documents and settings\cazmundi\Application Data\Ashampoo
2008-12-17 17:13 410,984 ----a-w f:\windows\system32\deploytk.dll
2008-12-17 17:13 --------- d-----w f:\program files\Java
2008-12-16 22:20 18,728 ----a-w f:\documents and settings\cazmundi\Application Data\GDIPFONTCACHEV1.DAT
2008-12-10 04:14 --------- d-----w f:\program files\nanoPEG for WinTV
2008-12-10 04:14 --------- d-----w f:\program files\Common Files\IviSDK
2008-12-04 23:35 --------- d-----w f:\documents and settings\cazmundi\Application Data\ArcSoft
2008-12-04 13:38 --------- d-----w f:\program files\Common Files\Nikon
2008-12-04 13:38 --------- d-----w f:\documents and settings\cazmundi\Application Data\Nikon
2008-12-03 01:20 --------- d-----w f:\program files\BitTorrent
2008-12-02 18:36 --------- d-----w f:\program files\Common Files\muvee Technologies
2008-12-02 18:36 --------- d-----w f:\documents and settings\All Users\Application Data\Nikon
2008-12-02 18:35 --------- d-----w f:\program files\Nikon
2008-12-02 18:35 --------- d-----w f:\documents and settings\All Users\Application Data\Ultima_T15
2008-12-02 18:35 --------- d-----w f:\documents and settings\All Users\Application Data\Limiter
2008-12-02 18:35 --------- d-----w f:\documents and settings\All Users\Application Data\EnterNHelp
2008-12-02 18:34 --------- d-----w f:\program files\ArcSoft
2008-12-02 16:28 --------- d-----w f:\program files\DIFX
2008-12-02 16:27 --------- d-----w f:\program files\Mars
2008-11-30 03:51 --------- d-----w f:\program files\7-Zip
2008-11-01 01:28 737,280 ----a-w f:\windows\iun6002.exe
2008-10-30 05:17 47,360 ----a-w f:\documents and settings\cazmundi\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-26_16.45.22.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-26 01:57:20 16,384 ----a-w f:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-27 01:52:40 16,384 ----a-w f:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-26 01:57:20 32,768 ----a-w f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-27 01:52:40 32,768 ----a-w f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-26 01:57:20 32,768 ----a-w f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-27 01:52:40 32,768 ----a-w f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-27 00:30:52 26,824 ----a-w f:\windows\system32\drivers\avgmfx86.sys
+ 2009-01-27 02:32:03 16,384 ----atw f:\windows\Temp\Perflib_Perfdata_248.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="f:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"RocketDock"="f:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BitTorrent DNA"="f:\program files\DNA\btdna.exe" [2008-12-18 342848]
"SansaDispatch"="f:\documents and settings\cazmundi\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-12-31 79872]
"VeohPlugin"="f:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"Ashampoo Magical Optimizer Taskplaner"="f:\progra~1\Ashampoo\ASHAMP~4\AMO_TA~1.EXE" [2007-02-08 1266872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="f:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2006-07-11 49152]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-08-18 49152]
"ATICCC"="f:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Acrobat Assistant 7.0"="f:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"IntelliPoint"="f:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-26 1261336]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 f:\windows\SOUNDMAN.EXE]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - f:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-10-30 25214]
Adobe Gamma Loader.lnk - f:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]
AutoStart IR.lnk - f:\program files\WinTV\Ir.exe [2008-12-09 106551]
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nikon Monitor.lnk - f:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= f:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R3 aliroothub;USB 2.0 Root Hub;f:\windows\system32\drivers\AliRtHub.sys [2008-10-30 5325]
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;f:\windows\system32\drivers\HCWUSB2AV.sys [2008-10-30 150784]
R3 tap0801;TAP-Win32 Adapter V8;f:\windows\system32\drivers\tap0801.sys [2006-10-01 23552]
R4 ALIEHCD;ALi PCI to USB Enhanced Host Controller;f:\windows\system32\drivers\AliEhci.sys [2008-10-30 112835]
R4 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-26 231704]
S0 xspsqqcu;xspsqqcu;f:\windows\system32\drivers\twdsgjpj.sys []
S1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2009-01-26 97928]
S3 aligp;USB Composite Device;f:\windows\system32\drivers\AliGP.sys [2008-10-30 8656]
S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;f:\progra~1\WinTV\HCWTVS~1.EXE [2008-12-09 815104]
S3 s3chipid;s3chipid;\??\f:\docume~1\cazmundi\LOCALS~1\Temp\s3chipid.sys --> f:\docume~1\cazmundi\LOCALS~1\Temp\s3chipid.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370ef709-d154-11dd-9bae-00155876c1c1}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\cazmundi\Application Data\Mozilla\Firefox\Profiles\8psc2coj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: f:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: f:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: f:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: f:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: f:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: f:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 21:34:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


f:\windows\system32\drivers\twdsgjpj.sys 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
f:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\ati2evxx.exe
f:\program files\a-squared Free\a2service.exe
f:\windows\system32\ati2evxx.exe
f:\program files\FolderSize\FolderSizeSvc.exe
f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
f:\windows\system32\wscntfy.exe
f:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2009-01-26 21:38:49 - machine was rebooted [cazmundi]
ComboFix-quarantined-files.txt 2009-01-27 02:38:45
ComboFix2.txt 2009-01-26 21:46:00

Pre-Run: 85,594,357,760 bytes free
Post-Run: 85,542,195,200 bytes free

255


Edited by czamundi, 26 January 2009 - 10:08 PM.


#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:05:37 PM

Posted 27 January 2009 - 05:22 PM

Hello Czamundi,

We'll need one more run:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

KillAll::
File::
f:\windows\system32\drivers\twdsgjpj.sys
f:\windows\xspsqqcu
Driver::
xspsqqcu
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370ef709-d154-11dd-9bae-00155876c1c1}]

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
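The entry Thunder singles out above (service xspsqqcu, file twdsgjpj.sys) stands out in the ComboFix log on its own: no date or size inside the brackets, a random-looking name repeated as its description, and catchme listing the same file as hidden. As an added example, not code from the thread or from ComboFix, here is a small Python triage script that parses those two log formats and shortlists entries with such traits; the `TYPE name;description;path [date size]` line layout it assumes is inferred from the log above.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the ComboFix service listing quoted in this
# thread (a few of its entries, including the one the helper targets). The
# "TYPE name;description;path [date size]" layout is an assumption about the format.
SAMPLE_SERVICE_LINES = r"""
R3 tap0801;TAP-Win32 Adapter V8;f:\windows\system32\drivers\tap0801.sys [2006-10-01 23552]
R4 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-26 231704]
S0 xspsqqcu;xspsqqcu;f:\windows\system32\drivers\twdsgjpj.sys []
S1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2009-01-26 97928]
S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
"""

# Constructed fragment of catchme's "scanning hidden files" output, same shape as in the thread.
SAMPLE_CATCHME_OUTPUT = r"""
scanning hidden files ...

f:\windows\system32\drivers\twdsgjpj.sys 25088 bytes executable

scan completed successfully
hidden files: 1
"""

SERVICE_RE = re.compile(
    r"^(?P<type>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)
HIDDEN_RE = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes", re.MULTILINE)


def parse_hidden_files(catchme_text: str) -> Dict[str, int]:
    """Map each path catchme reported as hidden to its size (paths lower-cased)."""
    return {m.group("path").lower(): int(m.group("size"))
            for m in HIDDEN_RE.finditer(catchme_text)}


def parse_services(combofix_text: str) -> List[Dict[str, str]]:
    """Split each ComboFix service/driver line into its fields."""
    entries = []
    for line in combofix_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def assess(entry: Dict[str, str], hidden: Dict[str, int]) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if entry["info"] == "":
        # An empty bracket means ComboFix could not read date/size of the file
        reasons.append("no date/size: ComboFix could not read the file")
    elif entry["info"] == "?":
        reasons.append("file not found: orphaned service entry")
    if entry["path"].lower() in hidden:
        reasons.append("file is hidden from the Win32 API (catchme)")
    if entry["name"] == entry["desc"] and entry["type"][1] == "0":
        reasons.append("boot-start driver whose description merely repeats its name")
    return reasons


def triage(combofix_text: str, catchme_text: str) -> Dict[str, List[str]]:
    """Service name -> reasons, for every entry that has at least one reason."""
    hidden = parse_hidden_files(catchme_text)
    report = {}
    for entry in parse_services(combofix_text):
        reasons = assess(entry, hidden)
        if reasons:
            report[entry["name"]] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_SERVICE_LINES, SAMPLE_CATCHME_OUTPUT).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Orphaned entries such as FXDRV (a driver for a device that is no longer present) land on the shortlist too, which is why the output is something for a helper to judge, not a removal list.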

#7 czamundi

czamundi
  • Topic Starter

  • Members
  • 5 posts
  • Gender:Male
  • Local time:10:37 AM

Posted 30 January 2009 - 10:46 PM

Sorry for the long absence, but I got another wave of attacks and I had to take everything offline until I scanned it with Malwarebytes (until it came up clean on a full scan).

It seems to turn off my firewall, so I am looking for something better than the Windows firewall. If you can recommend any, I'd appreciate it.

This is just the DDS log, as ComboFix comes up as expired. What should I do about that?



=============================================

DDS (Ver_09-01-19.01) - NTFSx86
Run by cazmundi at 22:39:26.92 on Fri 01/30/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.466 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\a-squared Free\a2service.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\FolderSize\FolderSizeSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\svchost.exe -k hpdevmgmt
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Veoh Networks\Veoh\VeohClient.exe
F:\Program Files\RocketDock\RocketDock.exe
F:\Program Files\DNA\btdna.exe
F:\Documents and Settings\cazmundi\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
F:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
F:\PROGRA~1\Ashampoo\ASHAMP~4\AMO_TA~1.EXE
F:\Program Files\WinTV\Ir.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\cazmundi\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - f:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - f:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - f:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - f:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Veoh] "f:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [RocketDock] "f:\program files\rocketdock\RocketDock.exe"
uRun: [BitTorrent DNA] "f:\program files\dna\btdna.exe"
uRun: [SansaDispatch] f:\documents and settings\cazmundi\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [VeohPlugin] "f:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Ashampoo Magical Optimizer Taskplaner] "f:\progra~1\ashampoo\ashamp~4\AMO_TA~1.EXE" -TRAY
uRun: [mzmz] f:\progra~1\common~1\mzmz\mzmzm.exe
mRun: [HPHUPD08] f:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Acrobat Assistant 7.0] "f:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "f:\program files\unlocker\UnlockerAssistant.exe"
mRun: [IntelliPoint] "f:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG8_TRAY] f:\progra~1\avg\avg8\avgtray.exe
mRun: [ATICCC] "f:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - f:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - f:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - f:\program files\wintv\Ir.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - f:\program files\common files\nikon\monitor\NkMonitor.exe
IE: Convert link target to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - f:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - f:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - f:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 f:\windows\system32\geBqQJyy

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\cazmundi\applic~1\mozilla\firefox\profiles\8psc2coj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: f:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: f:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: f:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: f:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: f:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2009-1-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;f:\windows\system32\drivers\avgmfx86.sys [2009-1-26 27656]
R3 aliroothub;USB 2.0 Root Hub;f:\windows\system32\drivers\AliRtHub.sys [2008-10-30 5325]
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;f:\windows\system32\drivers\HCWUSB2AV.sys [2008-10-30 150784]
R3 tap0801;TAP-Win32 Adapter V8;f:\windows\system32\drivers\tap0801.sys [2006-10-1 23552]
R4 a2free;a-squared Free Service;f:\program files\a-squared free\a2service.exe [2009-1-22 419448]
R4 ALIEHCD;ALi PCI to USB Enhanced Host Controller;f:\windows\system32\drivers\AliEhci.sys [2008-10-30 112835]
R4 avg8wd;AVG Free8 WatchDog;f:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-26 298264]
S3 aligp;USB Composite Device;f:\windows\system32\drivers\AliGP.sys [2008-10-30 8656]
S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;f:\progra~1\wintv\HCWTVS~1.EXE [2008-12-9 815104]
S3 s3chipid;s3chipid;\??\f:\docume~1\cazmundi\locals~1\temp\s3chipid.sys --> f:\docume~1\cazmundi\locals~1\temp\s3chipid.sys [?]

=============== Created Last 30 ================

2009-01-30 22:32 <DIR> --d----- F:\ComboFix
2009-01-30 21:24 332 a------- f:\windows\system32\senekapmctpxlm.dat
2009-01-30 21:09 389,120 a------- f:\windows\system32\CF14173.exe
2009-01-30 21:09 <DIR> --dsh--- f:\windows\Y2F6bXVuZGk
2009-01-30 21:05 389,120 a------- f:\windows\system32\CF13408.exe
2009-01-30 20:46 0 a------- f:\windows\PlayList.Fpl
2009-01-30 20:46 190 a------- f:\windows\system32\FOLESVR.DLL
2009-01-30 20:43 389,120 a------- f:\windows\system32\ACTSKN43.OCX
2009-01-30 20:43 <DIR> --d----- f:\windows\tmp
2009-01-30 20:43 3,315 a------- f:\windows\FantasyDVD.ini
2009-01-30 20:43 2,417 a------- f:\windows\ShortCutInf.ini
2009-01-30 20:43 544,768 a------- f:\windows\system32\CLVSD.ax
2009-01-30 20:43 45,056 a------- f:\windows\system32\ogg.dll
2009-01-30 20:43 <DIR> --d----- f:\windows\system32\FTCodecs
2009-01-30 20:43 <DIR> --d----- f:\program files\Fantasysoft-Studio
2009-01-30 20:22 <DIR> --d----- f:\program files\common files\mzmz
2009-01-30 20:22 <DIR> --d----- f:\windows\mzmz
2009-01-30 20:22 48,640 a------- f:\windows\system32\qoMfeDvu.dll
2009-01-30 20:16 48,640 a------- f:\windows\system32\iifedASl.dll
2009-01-30 20:12 59 a------- f:\windows\system32\senekaljedvmpj.dat
2009-01-30 20:12 1,104 a------- f:\windows\hwbsjscc
2009-01-30 20:07 3,065 a------- f:\windows\system32\senekatjccdkwt.dat
2009-01-28 23:10 <DIR> --d----- f:\docume~1\alluse~1\applic~1\WEBREG
2009-01-28 21:53 117,760 a------- f:\windows\system32\hpzll5ha.dll
2009-01-28 21:53 303,104 a------- f:\windows\system32\hpovst10.dll
2009-01-28 21:53 675,840 a------- f:\windows\system32\hpowiax3.dll
2009-01-28 21:53 569,344 a------- f:\windows\system32\hpotscl3.dll
2009-01-28 21:50 141,057 a------- f:\windows\hpoins14.dat
2009-01-28 21:50 2,000 -------- f:\windows\hpomdl14.dat
2009-01-28 17:34 506,598 a------- f:\windows\system32\autorun.inf
2009-01-27 03:44 <DIR> --d-h--- F:\$AVG8.VAULT$
2009-01-27 01:15 0 a------- f:\windows\ativpsrm.bin
2009-01-27 01:10 <DIR> --d----- F:\ATI
2009-01-26 19:33 <DIR> --d----- f:\docume~1\cazmundi\applic~1\Twain
2009-01-26 19:30 10,520 a------- f:\windows\system32\avgrsstx.dll
2009-01-26 19:30 325,128 a------- f:\windows\system32\drivers\avgldx86.sys
2009-01-26 19:30 <DIR> --d----- f:\windows\system32\drivers\Avg
2009-01-26 19:28 <DIR> --d----- f:\program files\WebShow
2009-01-22 19:34 3,840 a------- f:\windows\system32\drivers\BANTExt.sys
2009-01-22 19:34 <DIR> --d----- f:\program files\Belarc
2009-01-22 18:15 <DIR> --d----- f:\program files\Runtime Software
2009-01-22 17:59 <DIR> --d----- f:\program files\a-squared Free
2009-01-21 12:24 <DIR> --d----- F:\VundoFix Backups
2009-01-21 01:25 250 a------- f:\windows\gmer.ini
2009-01-21 01:23 <DIR> --d----- f:\program files\trend micro
2009-01-20 21:45 <DIR> --d----- f:\docume~1\alluse~1\applic~1\SRSLabs
2009-01-20 20:34 <DIR> --d----- f:\program files\SRSLabs
2009-01-20 20:34 <DIR> --d----- f:\program files\common files\SRS
2009-01-20 18:46 <DIR> --d----- f:\program files\common files\HP
2009-01-20 18:45 <DIR> --d----- f:\program files\common files\Hewlett-Packard
2009-01-20 18:43 117,760 a------- f:\windows\system32\hpzll4xl.dll
2009-01-20 18:43 569,344 a----r-- f:\windows\system32\hpotscl4.dll
2009-01-20 18:43 294,912 a----r-- f:\windows\system32\hpovst11.dll
2009-01-20 18:43 364,544 a------- f:\windows\system32\hppldcoi.dll
2009-01-20 18:43 309,760 a------- f:\windows\system32\difxapi.dll
2009-01-20 18:43 <DIR> --d----- f:\windows\zhenghe2
2009-01-20 18:41 144,617 a------- f:\windows\hpwins16.dat
2009-01-18 15:56 <DIR> --d----- f:\program files\K-Lite Codec Pack
2009-01-18 15:14 <DIR> --d----- f:\docume~1\cazmundi\applic~1\Thinstall
2009-01-12 18:46 169 a------- f:\windows\RtlRack.ini
2009-01-11 23:13 17,801 a------- f:\windows\system32\drivers\AegisP.sys
2009-01-11 23:13 94,208 a------- f:\windows\system32\GTW32N50.dll
2009-01-11 23:13 31,930 a------- f:\windows\system32\GTNDIS3.VXD
2009-01-11 23:13 17,992 a------- f:\windows\system32\bcm42rly.sys
2009-01-11 23:13 15,872 a------- f:\windows\system32\GTNDIS5.sys
2009-01-11 23:13 <DIR> --d----- f:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster
2009-01-11 23:11 608 a------- f:\windows\system32\WLAN.INI
2009-01-07 20:17 60,032 ac------ f:\windows\system32\dllcache\usbaudio.sys
2009-01-07 20:17 60,032 a------- f:\windows\system32\drivers\USBAUDIO.sys
2009-01-07 01:38 <DIR> --d----- f:\docume~1\cazmundi\applic~1\aAvgApi
2009-01-03 15:31 <DIR> --d----- f:\docume~1\alluse~1\applic~1\2DBoy
2009-01-03 15:31 <DIR> --d----- f:\program files\World of Goo

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- f:\windows\system32\drivers\mbam.sys
2009-01-06 13:04 20 ----h--- f:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2008-12-17 12:13 410,984 a------- f:\windows\system32\deploytk.dll
2008-12-16 17:20 18,728 a------- f:\docume~1\cazmundi\applic~1\GDIPFONTCACHEV1.DAT
2008-12-01 15:52 425,984 a------- f:\windows\system32\ATIDEMGX.dll
2008-12-01 15:51 318,464 a------- f:\windows\system32\ati2dvag.dll
2008-12-01 15:46 11,304,960 a------- f:\windows\system32\atioglxx.dll
2008-12-01 15:41 188,416 a------- f:\windows\system32\atipdlxx.dll
2008-12-01 15:40 147,456 a------- f:\windows\system32\Oemdspif.dll
2008-12-01 15:40 26,112 a------- f:\windows\system32\Ati2mdxx.exe
2008-12-01 15:40 43,520 a------- f:\windows\system32\ati2edxx.dll
2008-12-01 15:40 143,360 a------- f:\windows\system32\ati2evxx.dll
2008-12-01 15:38 598,016 a------- f:\windows\system32\ati2evxx.exe
2008-12-01 15:37 53,248 a------- f:\windows\system32\ATIDDC.DLL
2008-12-01 15:27 4,120,384 a------- f:\windows\system32\ati3duag.dll
2008-12-01 15:19 307,200 a------- f:\windows\system32\atiiiexx.dll
2008-12-01 15:11 2,495,360 a------- f:\windows\system32\ativvaxx.dll
2008-12-01 15:11 3,107,788 a------- f:\windows\system32\ativvaxx.dat
2008-12-01 15:11 3,107,788 a------- f:\windows\system32\ativva5x.dat
2008-12-01 15:11 887,724 a------- f:\windows\system32\ativva6x.dat
2008-12-01 14:57 48,640 a------- f:\windows\system32\amdpcom32.dll
2008-12-01 14:53 401,408 a------- f:\windows\system32\atikvmag.dll
2008-12-01 14:53 45,056 a------- f:\windows\system32\amdcalrt.dll
2008-12-01 14:53 45,056 a------- f:\windows\system32\amdcalcl.dll
2008-12-01 14:52 86,016 a------- f:\windows\system32\atiadlxx.dll
2008-12-01 14:52 17,408 a------- f:\windows\system32\atitvo32.dll
2008-12-01 14:50 286,720 a------- f:\windows\system32\atiok3x2.dll
2008-12-01 14:50 3,252,224 a------- f:\windows\system32\Amdcaldd.dll
2008-12-01 14:45 577,536 a------- f:\windows\system32\ati2cqag.dll
2008-12-01 14:35 593,920 -------- f:\windows\system32\ati2sgag.exe
2008-11-13 21:38 79,684 a------- f:\windows\HPHins08.dat
2008-10-30 00:17 47,360 a------- f:\docume~1\cazmundi\applic~1\pcouffin.sys
2005-07-29 16:24 472 a--shr-- f:\windows\y2f6bxvuzgk\sZIdvrpRt34.vbs

============= FINISH: 22:39:44.93 ===============


a-squared log attached too.


Edited by czamundi, 30 January 2009 - 11:44 PM.


#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:05:37 PM

Posted 31 January 2009 - 07:33 PM

Hello Czamundi,

That ComboFix problem should be fixed by now.
The new version (you can download it to replace the old one) should run normally.

Greetings,
Thunder



