HiJack log - performance is not the best


  • This topic is locked
18 replies to this topic

#1 zippyzoe (Members, 121 posts)

Posted 27 March 2009 - 03:33 AM

Webpages are slow to load. Computer takes longer to boot and to shut down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:45 AM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.82.52.210:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Turtle Beach Riviera] "C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Ron\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181938138640
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7421 bytes


#2 zippyzoe (Topic Starter; Members, 121 posts)

Posted 30 March 2009 - 07:07 AM

Computer freaked out this morning. Waited 30 minutes to go from the BIOS page to start to boot... got to the last line before Windows starts and it stopped for another 5 minutes, and finally I'm up and running. Check Disk found some orphaned files and repaired them. Wondering what to do now. Will continue in a holding pattern until someone assists.

#3 zippyzoe (Topic Starter; Members, 121 posts)

Posted 31 March 2009 - 10:36 AM

Out of desperation I decided to pay a high school kid $25 to look at my computer. He ran CCleaner and said it was fixed. Dang!!! Such a simple fix. Runs much better.

Today booted up and received a new error: "Verifying DMI Pool Data - K8NPT Data Change, update new data to DMI!!"
Computer stalled at this point and went on strike or something. Got tired of waiting so I rebooted. Up and running again. Will post my newest HijackThis log after the CCleaner run from yesterday.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:31 AM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\svcho.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.82.52.210:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knocker
O2 - BHO: BHO - {ABD42510-9B22-41cd-9DCD-8182A2D07C63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Turtle Beach Riviera] "C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Ron\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181938138640
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - (no file)

Edited by zippyzoe, 31 March 2009 - 10:36 AM.


#4 zippyzoe (Topic Starter; Members, 121 posts)

Posted 01 April 2009 - 09:23 PM

Today I became infested with a Spyware 2009 alert... no telling how I got this thing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:00 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe
C:\WINDOWS\svcho.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.82.52.210:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knocker
O2 - BHO: BHO - {ABD42510-9B22-41cd-9DCD-8182A2D07C63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Turtle Beach Riviera] "C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Ron\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181938138640
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8307 bytes
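Added note for readers of this thread (not part of any post above, and not HijackThis's own logic): the three logs posted so far differ in only a handful of entries, and those differences are the whole story of the infection. The Python below diffs two HijackThis logs, reports what appeared between the scans, and flags the patterns that are visible in the later logs: hosts-file entries that send a name to a non-loopback address, a BHO with no name loaded from system32, a Policies\Explorer\Run autostart, executables living in the Windows root, a running process whose name is an edit or two away from a system binary, and a browser proxy that points at an external IP. The two sample logs are constructed from a subset of the posted entries; the rules and thresholds are this example's own assumptions about what deserves review, not a verdict on any specific file.

```python
"""Diff two HijackThis logs and flag entries that deserve review.

Added example for this thread; not part of the posts above and not HijackThis
code. Sample logs are constructed from a subset of the posted entries; the
heuristics and thresholds are this example's assumptions.
"""
import ipaddress
import re

BASELINE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.82.52.210:8080
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LATER_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svcho.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.82.52.210:8080
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O2 - BHO: BHO - {ABD42510-9B22-41cd-9DCD-8182A2D07C63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")          # "O4 - <body>"
O4_RE = re.compile(r"^(?P<key>.+?): \[[^\]]*\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
SYSTEM_BINARIES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe")


def parse_log(text):
    """Split an HJT log into (process paths, [(section, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY_RE.match(line)):
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def new_entries(baseline_text, later_text):
    """Entries present in the later log but absent from the baseline."""
    seen = set(parse_log(baseline_text)[1])
    return [e for e in parse_log(later_text)[1] if e not in seen]


def edit_distance(a, b):
    """Levenshtein distance; spots names such as svcho.exe next to svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def ip_is(addr, attr):
    """True if addr parses as an IP and has the given property (is_loopback, is_global)."""
    try:
        return getattr(ipaddress.ip_address(addr), attr)
    except ValueError:
        return False


def triage(text):
    """Return [(severity, section, message)] for entries worth a second look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        parent, _, name = path.rpartition("\\")
        parent, name = parent.lower(), name.lower()
        if name not in SYSTEM_BINARIES and any(
                edit_distance(name, s) <= 2 for s in SYSTEM_BINARIES):
            findings.append(("high", "process", f"look-alike of a system binary: {path}"))
        elif parent == "c:\\windows" and name != "explorer.exe":
            findings.append(("medium", "process", f"running from the Windows root: {path}"))
    for section, body in entries:
        if section == "O1" and body.startswith("Hosts: "):
            parts = body.split()
            if len(parts) >= 3 and not ip_is(parts[1], "is_loopback"):
                findings.append(("high", "O1", f"hosts redirects {parts[2]} to {parts[1]}"))
        elif section == "O2" and body.startswith("BHO: "):
            name = body[5:].split(" - ")[0].strip()
            dll = body.rsplit(" - ", 1)[-1]
            if name in ("BHO", "(no name)") or dll.lower().startswith("c:\\windows\\system32\\"):
                findings.append(("high", "O2", f"unnamed or system32 BHO: {dll}"))
        elif section == "O4" and (m := O4_RE.match(body)):
            exe = EXE_RE.search(m.group("cmd"))
            if "policies\\explorer\\run" in m.group("key").lower():
                findings.append(("high", "O4", f"Policies\\Explorer\\Run autostart: {body}"))
            elif exe and exe.group(1).lower().rpartition("\\")[0] == "c:\\windows":
                findings.append(("medium", "O4", f"autostart from the Windows root: {exe.group(1)}"))
        elif section == "R1" and "ProxyServer = " in body:
            host = body.split("=", 1)[1].strip().rsplit(":", 1)[0]
            if ip_is(host, "is_global"):
                findings.append(("medium", "R1", f"browser proxy is an external address: {host}"))
    return findings


if __name__ == "__main__":
    for entry in new_entries(BASELINE_LOG, LATER_LOG):
        print("NEW    ", " - ".join(entry))
    for sev, sec, msg in triage(LATER_LOG):
        print(f"{sev:7}{sec:8} {msg}")
```

Running it against the constructed logs lists the six entries that appeared between the scans and flags eight items in the later log; the one item it also flags in the baseline is the external proxy address, which was already present in the very first log posted in this thread and is worth checking regardless of the rogue-AV cleanup.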

#5 KoanYorel (Bleepin' Conundrum; Members, 19,461 posts; Gender: Male; Location: 65 miles due East of the "Logic Free Zone", in Md, USA)

Posted 05 April 2009 - 04:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#6 zippyzoe (Topic Starter; Members, 121 posts)

Posted 08 April 2009 - 02:25 PM

Here's my problem. My computer takes almost 45 minutes to boot up -- BIOS page ~30 min... then it pauses prior to the Windows page for another ~15-20 minutes. When I initially had this problem I ran CCleaner and the problem went away. I saved a backup point in case I had problems again. The problem came back this morning.

Here's the DDS log you requested --

.sun.com/products/plugin/autodl/jinstall-1_4_2_04-windows-i586.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181938138640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\ltogozeq.default\
FF - component: c:\documents and settings\ron\application data\mozilla\firefox\profiles\ltogozeq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-26 59776]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-1 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-1 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-1 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-1 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-9-27 2368]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]

=============== Created Last 30 ================

2009-04-03 23:41 <DIR> --d----- c:\program files\TradeStation 8.5 (Build 2289)
2009-04-01 23:53 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-01 21:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-01 21:55 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-01 21:55 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-01 21:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-01 21:54 <DIR> --d----- c:\program files\AVG
2009-04-01 21:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-31 12:18 947,472 a------- c:\windows\system32\msjava.bak
2009-03-30 23:40 189,986 ac------ c:\windows\system32\dllcache\c_1361.nls
2009-03-30 23:39 185,344 ac------ c:\windows\system32\dllcache\thawbrkr.dll
2009-03-30 13:10 <DIR> --d----- c:\program files\CCleaner
2009-03-30 12:01 <DIR> --d----- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-03-30 09:27 <DIR> --d----- c:\docume~1\ron\applic~1\Malwarebytes
2009-03-30 09:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 09:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 09:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-30 09:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 07:30 23 a--sh--- c:\windows\system32\edacded0_x.dat
2009-03-30 07:30 23 a------- c:\windows\system32\bcdadac7_x.xml
2009-03-30 07:30 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-03-27 12:30 43 a------- c:\windows\WALLSTRT.INI
2009-03-27 11:51 <DIR> --d----- c:\program files\common files\TradeStation Technologies
2009-03-26 22:05 <DIR> --d----- c:\docume~1\ron\applic~1\TradeStation Technologies
2009-03-25 22:37 25 a------- c:\windows\mixerdef.ini
2009-03-25 22:37 <DIR> --d----- c:\program files\common files\Voyetra
2009-03-25 22:35 <DIR> --d----- c:\program files\Turtle Beach
2009-03-25 22:27 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-03-25 22:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-25 22:16 10,624 ac------ c:\windows\system32\dllcache\gameenum.sys
2009-03-25 22:16 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-03-25 22:09 0 a------- c:\windows\ativpsrm.bin
2009-03-25 22:05 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-03-25 22:02 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-25 22:02 <DIR> --d----- c:\program files\ATI Technologies
2009-03-25 22:00 <DIR> --d----- C:\Diamond
2009-03-24 13:54 <DIR> --d----- C:\New Folder 1

==================== Find3M ====================

2009-03-10 02:07 142,742 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-27 00:50 159 a------- C:\Delapp.bat
2008-09-19 18:22 81,920 ac------ c:\docume~1\ron\applic~1\ezpinst.exe
2008-09-19 18:22 47,360 ac------ c:\docume~1\ron\applic~1\pcouffin.sys
2008-09-01 03:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat
2008-09-01 03:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

#7 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 09 April 2009 - 04:59 AM

Hi

The beginning part of the dds.txt log is missing. Please post a complete one. Please also post attach.txt, which wasn't included in your previous reply either.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#8 zippyzoe

  • Topic Starter
  • Members
  • 121 posts

Posted 15 April 2009 - 01:02 AM

DDS.txt log ---


DDS (Ver_09-03-16.01) - NTFSx86
Run by Ron at 0:57:30.48 on Wed 04/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.383 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TradeStation 8.5 (Build 2289)\Program\tssupp.exe
C:\WINDOWS\system32\wuauclt.exe
E:\downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 203.82.52.210:8080
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\ron\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Turtle Beach Riviera] "c:\program files\turtle beach\riviera\TBRivieraTray.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Device Detector] DevDetect.exe -autorun
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_2_04-windows-i586.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181938138640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\ltogozeq.default\
FF - component: c:\documents and settings\ron\application data\mozilla\firefox\profiles\ltogozeq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-26 59776]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-1 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-1 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-1 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-1 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-9-27 2368]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]

=============== Created Last 30 ================

2009-04-11 22:50 <DIR> -cd-h--- c:\windows\ie8
2009-04-11 22:49 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-08 21:39 <DIR> --d----- c:\docume~1\ron\applic~1\MSNInstaller
2009-04-03 23:41 <DIR> --d----- c:\program files\TradeStation 8.5 (Build 2289)
2009-04-01 23:53 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-01 21:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-01 21:55 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-01 21:55 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-01 21:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-01 21:54 <DIR> --d----- c:\program files\AVG
2009-04-01 21:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-31 12:18 947,472 a------- c:\windows\system32\msjava.bak
2009-03-30 23:40 189,986 ac------ c:\windows\system32\dllcache\c_1361.nls
2009-03-30 23:39 185,344 ac------ c:\windows\system32\dllcache\thawbrkr.dll
2009-03-30 13:10 <DIR> --d----- c:\program files\CCleaner
2009-03-30 12:01 <DIR> --d----- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-03-30 09:27 <DIR> --d----- c:\docume~1\ron\applic~1\Malwarebytes
2009-03-30 09:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 09:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 09:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-30 09:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 07:30 23 a--sh--- c:\windows\system32\edacded0_x.dat
2009-03-30 07:30 23 a------- c:\windows\system32\bcdadac7_x.xml
2009-03-30 07:30 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-03-27 12:30 43 a------- c:\windows\WALLSTRT.INI
2009-03-27 11:51 <DIR> --d----- c:\program files\common files\TradeStation Technologies
2009-03-26 22:05 <DIR> --d----- c:\docume~1\ron\applic~1\TradeStation Technologies
2009-03-25 22:37 25 a------- c:\windows\mixerdef.ini
2009-03-25 22:37 <DIR> --d----- c:\program files\common files\Voyetra
2009-03-25 22:35 <DIR> --d----- c:\program files\Turtle Beach
2009-03-25 22:27 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-03-25 22:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-25 22:16 10,624 ac------ c:\windows\system32\dllcache\gameenum.sys
2009-03-25 22:16 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-03-25 22:09 0 a------- c:\windows\ativpsrm.bin
2009-03-25 22:05 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-03-25 22:02 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-25 22:02 <DIR> --d----- c:\program files\ATI Technologies
2009-03-25 22:00 <DIR> --d----- C:\Diamond
2009-03-24 13:54 <DIR> --d----- C:\New Folder 1

==================== Find3M ====================

2009-03-10 02:07 142,742 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-27 00:50 159 a------- C:\Delapp.bat
2008-09-19 18:22 81,920 ac------ c:\docume~1\ron\applic~1\ezpinst.exe
2008-09-19 18:22 47,360 ac------ c:\docume~1\ron\applic~1\pcouffin.sys
2008-09-01 03:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat
2008-09-01 03:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 0:59:58.48 ===============

#9 zippyzoe

  • Topic Starter
  • Members
  • 121 posts

Posted 15 April 2009 - 01:05 AM

The attach log ---


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2007 4:13:52 PM
System Uptime: 4/14/2009 5:44:25 AM (19 hours ago)

Motherboard: | | NF-MCP61
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5600+ | Socket M2 | 2813/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 24.527 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 111.989 GiB free.
F: is CDROM ()
G: is Removable
J: is FIXED (NTFS) - 1397 GiB total, 763.739 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP561: 4/8/2009 1:35:07 AM - System Checkpoint
RP562: 4/8/2009 3:26:59 PM - System Checkpoint
RP563: 4/9/2009 9:23:19 AM - Removed TradeStation 8.5 (Build 2289)
RP564: 4/9/2009 9:25:14 AM - Installed TradeStation 8.5 (Build 2289)
RP565: 4/11/2009 10:52:55 PM - Installed Windows Internet Explorer 8.
RP566: 4/11/2009 10:57:10 PM - Software Distribution Service 3.0
RP567: 4/13/2009 2:27:59 AM - System Checkpoint
RP568: 4/14/2009 3:10:59 AM - System Checkpoint
RP569: 4/14/2009 8:57:50 AM - Avg8 Update

==== Installed Programs ======================

µTorrent
1400
1400_Help
1400Trb
ACDSee Pro
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan
AiOSoftware
Apple Software Update
AT&T Yahoo! Internet Mail
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoUpdate
AVG 8.5
BetGameDay
BufferChm
C-Media PCI Audio Device
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
CloneDVD 4.1.0.23
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
Duplicate Finder
DVD Flick
DVD Shrink 3.2
eSupportQFolder
Fax
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
hotComm Lite®
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Japanese Fonts Support For Adobe Reader 8
Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
jv16 PowerTools 2009
Logitech G11 Keyboard Software 1.03
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Premium
neroxml
Network Magic
NewCopy
NVIDIA Drivers
PCI Audio Driver
PicLens for Internet Explorer
ProductContext
Pure Networks Platform
QuickTime
Readme
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RegCure 1.5.0.0
ReNamer
Scan
ScannerCopy
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skins
SolutionCenter
Status
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
TradeStation 8.5 (Build 2289)
TrayApp
TreeSize Free V2.1
Turtle Beach Riviera PCI Driver
Unity Web Player
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VLC media player 0.9.4
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.1
WinPop
WinRAR archiver
World of Warcraft
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/9/2009 3:57:34 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/8/2009 8:14:52 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
4/8/2009 1:34:17 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'resume.dat.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/9/2009 4:05:40 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F569F262-31A8-4E79-9532-04FD9C6A7A50} because another computer on the network has the same name. The server could not start.

==== End Of File ===========================

#10 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 15 April 2009 - 05:22 AM

Hi

Keep P2P file sharing software shut down during the whole process. An even better way would be to uninstall it. Namely, a major part of infections are received from P2P networks nowadays.

When were the hard drive(s) last defragged?


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



#11 zippyzoe

  • Topic Starter
  • Members
  • 121 posts

Posted 15 April 2009 - 11:43 PM

ComboFix 09-04-16.02 - Ron 04/15/2009 23:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -5:00]
Running from: e:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ron\err.log
c:\windows\system32\drivers\remove_spyware_button.gif
c:\windows\system32\lfd32.ini
J:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-16 04:31 . 2009-04-16 04:32 -------- d-----w C:\32788R22FWJFW
2009-04-12 06:54 . 2009-04-12 06:54 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-12 06:49 . 2009-04-12 06:49 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Cooliris
2009-04-12 04:03 . 2009-04-12 04:03 70464 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 04:02 . 2009-04-12 04:02 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\ATI
2009-04-12 04:02 . 2009-04-12 04:02 -------- d-----w c:\documents and settings\Guest\Application Data\ATI
2009-04-12 03:56 . 2009-04-12 03:56 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-12 03:56 . 2009-04-12 19:38 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-12 03:50 . 2009-04-12 03:55 -------- dc-h--w c:\windows\ie8
2009-04-12 03:49 . 2009-04-12 04:00 -------- d--h--w c:\windows\msdownld.tmp
2009-04-09 02:39 . 2009-04-09 02:39 -------- d-----w c:\documents and settings\Ron\Application Data\MSNInstaller
2009-04-04 04:41 . 2009-04-09 14:27 -------- d-----w c:\program files\TradeStation 8.5 (Build 2289)
2009-04-02 04:53 . 2009-04-03 23:34 -------- d--h--w C:\$AVG8.VAULT$
2009-04-02 02:55 . 2009-04-02 02:55 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-02 02:55 . 2009-04-02 02:55 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-02 02:55 . 2009-04-02 02:55 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-02 02:55 . 2009-04-15 23:10 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-02 02:54 . 2009-04-02 02:54 -------- d-----w c:\program files\AVG
2009-04-02 02:54 . 2009-04-02 02:54 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-02 02:15 . 2009-04-02 02:15 -------- d-----w c:\documents and settings\Ron\Local Settings\Application Data\WMTools Downloaded Files
2009-03-31 17:18 . 2003-02-28 23:26 947472 ----a-w c:\windows\system32\msjava.bak
2009-03-31 04:40 . 2004-08-04 12:00 47066 -c--a-w c:\windows\system32\dllcache\ksc.nls
2009-03-31 04:39 . 2004-08-04 12:00 185344 -c--a-w c:\windows\system32\dllcache\thawbrkr.dll
2009-03-30 18:10 . 2009-03-30 18:10 -------- d-----w c:\program files\CCleaner
2009-03-30 17:01 . 2009-03-30 17:02 -------- d-----w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-03-30 14:27 . 2009-03-30 14:27 -------- d-----w c:\documents and settings\Ron\Application Data\Malwarebytes
2009-03-30 14:21 . 2009-03-26 21:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-30 14:21 . 2009-03-26 21:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 14:21 . 2009-03-30 14:21 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 14:21 . 2009-04-02 02:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-30 12:30 . 2009-03-30 12:30 23 --sha-w c:\windows\system32\edacded0_x.dat
2009-03-30 12:30 . 2009-03-30 12:30 23 ----a-w c:\windows\system32\bcdadac7_x.xml
2009-03-30 12:30 . 2009-04-09 03:14 -------- d-----w c:\program files\jv16 PowerTools 2009
2009-03-27 17:30 . 2009-04-15 13:30 43 ----a-w c:\windows\WALLSTRT.INI
2009-03-27 16:51 . 2009-03-27 16:51 -------- d-----w c:\program files\Common Files\TradeStation Technologies
2009-03-27 03:05 . 2009-03-27 03:05 -------- d-----w c:\documents and settings\Ron\Application Data\TradeStation Technologies
2009-03-26 16:57 . 2009-04-04 04:20 -------- d-----w c:\documents and settings\Ron\Local Settings\Application Data\Deployment
2009-03-26 03:37 . 2009-03-26 03:37 25 ----a-w c:\windows\mixerdef.ini
2009-03-26 03:37 . 2009-03-26 03:37 -------- d-----w c:\program files\Common Files\Voyetra
2009-03-26 03:27 . 2004-08-04 12:00 5632 -c--a-w c:\windows\system32\dllcache\write.exe
2009-03-26 03:17 . 2009-03-26 03:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-26 03:16 . 2008-04-13 18:45 10624 -c--a-w c:\windows\system32\dllcache\gameenum.sys
2009-03-26 03:16 . 2008-04-13 18:45 10624 ----a-w c:\windows\system32\drivers\gameenum.sys
2009-03-26 03:10 . 2009-03-26 03:10 -------- d-----w c:\documents and settings\Ron\Local Settings\Application Data\ATI
2009-03-26 03:10 . 2009-03-26 03:10 -------- d-----w c:\documents and settings\Ron\Application Data\ATI
2009-03-26 03:10 . 2009-03-26 03:10 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-26 03:09 . 2009-03-26 03:09 0 ----a-w c:\windows\ativpsrm.bin
2009-03-26 03:05 . 2009-03-26 03:05 -------- d-----w c:\program files\Common Files\ATI Technologies
2009-03-26 03:02 . 2008-12-01 19:35 593920 ------w c:\windows\system32\ati2sgag.exe
2009-03-26 03:02 . 2009-03-26 03:06 -------- d-----w c:\program files\ATI Technologies
2009-03-26 03:00 . 2009-03-26 03:00 -------- d-----w C:\Diamond
2009-03-24 18:54 . 2009-03-24 18:54 -------- d-----w C:\New Folder 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 04:30 . 2007-06-03 20:15 -------- d-----w c:\documents and settings\Ron\Application Data\uTorrent
2009-04-12 19:17 . 2008-05-12 22:42 -------- d-----w c:\documents and settings\Ron\Application Data\mjusbsp
2009-04-12 03:56 . 2007-10-30 09:38 -------- d-----w c:\program files\Yahoo!
2009-04-12 03:56 . 2009-01-28 20:51 -------- d-----w c:\documents and settings\Ron\Application Data\Yahoo!
2009-04-12 03:54 . 2007-06-13 14:59 -------- d-----w c:\documents and settings\Ron\Application Data\DVD Flick
2009-03-31 04:47 . 2007-06-02 22:10 70464 -c--a-w c:\documents and settings\Ron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 15:04 . 2007-06-21 03:53 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-30 15:04 . 2007-06-21 03:53 -------- d-----w c:\documents and settings\Ron\Application Data\SUPERAntiSpyware.com
2009-03-30 15:03 . 2007-06-21 01:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-26 13:28 . 2007-06-03 20:15 -------- d-----w c:\program files\uTorrent
2009-03-26 03:35 . 2009-03-26 03:35 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-03-26 03:35 . 2009-03-26 03:35 -------- d-----w c:\program files\Turtle Beach
2009-03-26 03:35 . 2007-06-02 21:34 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 03:35 . 2007-06-02 21:21 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-26 03:17 . 2007-06-03 18:45 -------- d-----w c:\program files\Java
2009-03-24 19:37 . 2007-11-15 16:14 -------- d-----w c:\program files\Yahoo! Games
2009-03-16 19:49 . 2007-12-05 03:42 -------- d-----w c:\documents and settings\Ron\Application Data\Image Zone Express
2009-03-10 07:07 . 2009-03-24 19:50 142742 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-03-09 06:34 . 2009-03-09 06:34 -------- d-----w c:\program files\1stWORKS
2009-03-09 06:34 . 2009-03-09 06:34 -------- d-----w c:\documents and settings\All Users\Application Data\1stWorks
2009-03-08 09:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-28 14:38 . 2008-08-11 15:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-18 09:17 . 2009-02-16 17:16 -------- d-----w c:\documents and settings\Ron\Application Data\Uniblue
2009-02-18 09:17 . 2009-02-16 17:16 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-17 15:55 . 2009-02-17 15:55 -------- d-----w c:\program files\MSECache
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-27 06:20 . 2009-01-27 05:20 13030 ----a-w C:\PDOXUSRS.NET
2009-01-27 05:50 . 2009-01-27 05:50 159 ----a-w C:\Delapp.bat
2008-09-19 23:22 . 2007-11-12 00:48 81920 -c--a-w c:\documents and settings\Ron\Application Data\ezpinst.exe
2008-09-19 23:22 . 2007-11-12 00:48 47360 -c--a-w c:\documents and settings\Ron\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Ron\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-18 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-24 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-26 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Turtle Beach Riviera"="c:\program files\Turtle Beach\Riviera\TBRivieraTray.exe" [2007-09-06 1613824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-02 1932568]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-02 02:55 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2008-12-17 18:36 50520 ----a-w c:\documents and settings\Ron\Application Data\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2008-05-21 23:26 451896 ----a-w c:\program files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-05-16 12:11 648504 ----a-w c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-19 23:14 16844800 -c--a-w c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"c:\\Program Files\\1stWORKS\\hotCommLite\\BIN\\HotComm.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"e:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Ron\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\DRIVERS\pnp680.sys [2006-06-20 59776]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-02 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-02 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-02 298264]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-09-27 2368]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-31 93184]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-04-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-04-12 c:\windows\Tasks\User_Feed_Synchronization-{A1A5BD98-0E9F-4BC8-8D1A-D03C17DBD9AB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 203.82.52.210:8080
uInternet Settings,ProxyOverride = <local>
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\ltogozeq.default\
FF - component: c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\ltogozeq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 23:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00399568-0d00-49b5-a378-20b724cc808c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000151
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):67,a5,4b,ef,97,3c,e7,af,09,46,69,41,d6,bd,40,51,ea,7a,c0,52,88,
4e,3f,7e,67,78,c4,4c,b7,3b,e8,cc,f8,ba,7d,0b,be,1b,a8,10,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-16 23:40
ComboFix-quarantined-files.txt 2009-04-16 04:39

Pre-Run: 27,181,207,552 bytes free
Post-Run: 27,185,856,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

248 --- E O F --- 2009-03-25 02:54

#12 zippyzoe (Topic Starter)

Posted 15 April 2009 - 11:48 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Ron at 23:47:05.95 on Wed 04/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.428 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\downloads\dds(3).scr
E:\downloads\dds(3).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 203.82.52.210:8080
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\ron\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Turtle Beach Riviera] "c:\program files\turtle beach\riviera\TBRivieraTray.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_2_04-windows-i586.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181938138640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\ltogozeq.default\
FF - component: c:\documents and settings\ron\application data\mozilla\firefox\profiles\ltogozeq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-26 59776]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-1 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-1 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-1 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-1 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-9-27 2368]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]

=============== Created Last 30 ================

2009-04-15 23:34 <DIR> a-dshr-- C:\cmdcons
2009-04-15 23:33 161,792 a------- c:\windows\SWREG.exe
2009-04-15 23:33 98,816 a------- c:\windows\sed.exe
2009-04-15 23:32 <DIR> --d----- C:\ComboFix
2009-04-11 22:50 <DIR> -cd-h--- c:\windows\ie8
2009-04-11 22:49 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-08 21:39 <DIR> --d----- c:\docume~1\ron\applic~1\MSNInstaller
2009-04-03 23:41 <DIR> --d----- c:\program files\TradeStation 8.5 (Build 2289)
2009-04-01 23:53 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-01 21:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-01 21:55 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-01 21:55 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-01 21:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-01 21:54 <DIR> --d----- c:\program files\AVG
2009-04-01 21:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-31 12:18 947,472 a------- c:\windows\system32\msjava.bak
2009-03-30 23:40 189,986 ac------ c:\windows\system32\dllcache\c_1361.nls
2009-03-30 23:39 185,344 ac------ c:\windows\system32\dllcache\thawbrkr.dll
2009-03-30 13:10 <DIR> --d----- c:\program files\CCleaner
2009-03-30 12:01 <DIR> --d----- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-03-30 09:27 <DIR> --d----- c:\docume~1\ron\applic~1\Malwarebytes
2009-03-30 09:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 09:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 09:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-30 09:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 07:30 23 a--sh--- c:\windows\system32\edacded0_x.dat
2009-03-30 07:30 23 a------- c:\windows\system32\bcdadac7_x.xml
2009-03-30 07:30 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-03-27 12:30 43 a------- c:\windows\WALLSTRT.INI
2009-03-27 11:51 <DIR> --d----- c:\program files\common files\TradeStation Technologies
2009-03-26 22:05 <DIR> --d----- c:\docume~1\ron\applic~1\TradeStation Technologies
2009-03-25 22:37 25 a------- c:\windows\mixerdef.ini
2009-03-25 22:37 <DIR> --d----- c:\program files\common files\Voyetra
2009-03-25 22:35 <DIR> --d----- c:\program files\Turtle Beach
2009-03-25 22:27 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-03-25 22:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-25 22:16 10,624 ac------ c:\windows\system32\dllcache\gameenum.sys
2009-03-25 22:16 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-03-25 22:09 0 a------- c:\windows\ativpsrm.bin
2009-03-25 22:05 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-03-25 22:02 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-25 22:02 <DIR> --d----- c:\program files\ATI Technologies
2009-03-25 22:00 <DIR> --d----- C:\Diamond
2009-03-24 13:54 <DIR> --d----- C:\New Folder 1

==================== Find3M ====================

2009-03-10 02:07 142,742 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-27 00:50 159 a------- C:\Delapp.bat
2008-09-19 18:22 81,920 ac------ c:\docume~1\ron\applic~1\ezpinst.exe
2008-09-19 18:22 47,360 ac------ c:\docume~1\ron\applic~1\pcouffin.sys
2008-09-01 03:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat
2008-09-01 03:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 23:47:13.68 ===============
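A triage check over the lines above, added here as an example; it is not part of the thread and not a feature of DDS, ComboFix or HijackThis. Both the ComboFix "Supplementary Scan" and the DDS "Pseudo HJT Report" show `uInternet Settings,ProxyServer = 203.82.52.210:8080` with `ProxyOverride = <local>`: if the proxy is enabled (the logs show the value but not the ProxyEnable flag, so that has to be checked in Internet Options > Connections > LAN settings), Internet Explorer and anything else that honours WinINet proxy settings sends every non-intranet request through that host, which is a public address, not a loopback or private one. The ComboFix "Reg Loading Points" also show `AntiVirusOverride=dword:00000001` under Security Center, which suppresses the missing/out-of-date antivirus warning. The Trusted Zone entries and the two CLSID keys whose ACL denies Everyone are worth identifying but are not evidence of anything by themselves; some security products lock their own keys the same way. The script below parses those line shapes and reports what to confirm with the machine's owner. The sample lines are copied from the posted logs, plus one constructed loopback case to show the benign path; the regexes and severity labels are my own choices, not a format published by the tools.

```python
"""Triage helper for DDS / ComboFix text logs (added example, not the tools' own code).

Flags the settings in these logs that decide where browser traffic goes and what
Windows will warn about, so a reviewer can confirm each one with the owner.
"""
import ipaddress
import re

# Line shapes seen in the DDS "Pseudo HJT Report" and the ComboFix
# "Supplementary Scan" / "Reg Loading Points" / "LOCKED REGISTRY KEYS" sections.
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(\S+)')
OVERRIDE_RE = re.compile(r'^uInternet Settings,ProxyOverride\s*=\s*(\S+)')
TRUSTED_RE = re.compile(r'^Trusted Zone:\s*(\S+)')
AVOVERRIDE_RE = re.compile(r'^"AntiVirusOverride"\s*=\s*dword:([0-9a-fA-F]{8})')
LOCKED_KEY_RE = re.compile(
    r'^\[(HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\\{[^}]+\})\]', re.IGNORECASE)
DENIED_RE = re.compile(r'^@Denied:')

# Copied from the posted logs (the CLSID value line is included to show it is ignored).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 203.82.52.210:8080
uInternet Settings,ProxyOverride = <local>
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00399568-0d00-49b5-a378-20b724cc808c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000151
"""


def proxy_hosts(value):
    """Split a WinINet ProxyServer value ("host:port" or
    "http=host:port;https=host:port") into its host names. IPv6 literals in
    brackets are not handled and will be reported as unresolvable hostnames."""
    hosts = []
    for part in value.split(';'):
        part = part.split('=', 1)[-1]                  # drop a "scheme=" prefix if present
        host = part.rsplit(':', 1)[0] if ':' in part else part
        if host:
            hosts.append(host)
    return hosts


def host_is_private(host):
    """True for loopback, RFC 1918 or link-local addresses (a LAN proxy or a local
    filtering product). A hostname cannot be judged offline and returns False so
    that it is surfaced for review."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_private or addr.is_link_local


def triage(lines):
    """Return a list of (severity, message) findings for the given log lines."""
    findings = []
    proxy = override = None
    pending_key = None                                 # CLSID key awaiting its ACL line
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            override = m.group(1)
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(('info', 'IE Trusted Zone entry %s: sites in this zone run with '
                             'relaxed browser controls, confirm it was added on purpose' % m.group(1)))
            continue
        m = AVOVERRIDE_RE.match(line)
        if m and int(m.group(1), 16) == 1:
            findings.append(('warn', 'Security Center AntiVirusOverride=1: Windows will not '
                             'alert if antivirus is missing or out of date'))
            continue
        m = LOCKED_KEY_RE.match(line)
        if m:
            pending_key = m.group(1)
            continue
        if DENIED_RE.match(line) and pending_key:
            findings.append(('info', 'Locked registry key (ACL denies Everyone): %s; identify '
                             'the owning product before changing it' % pending_key))
            pending_key = None
    if proxy:
        public = [h for h in proxy_hosts(proxy) if not host_is_private(h)]
        if public:
            scope = ('everything except intranet addresses' if override == '<local>'
                     else 'all traffic' if not override else 'everything except %s' % override)
            findings.append(('warn', 'Browser proxy %s is not a loopback/private address; if '
                             'the proxy is enabled, WinINet clients route %s through it. Confirm '
                             'the owner configured it; otherwise clear it.' % (proxy, scope)))
        else:
            findings.append(('info', 'Browser proxy %s points at a local/private host' % proxy))
    return findings


if __name__ == '__main__':
    for severity, msg in triage(SAMPLE_LOG.strip().splitlines()):
        print('[%s] %s' % (severity, msg))
```

Run it as-is to see the five findings for the posted lines; feed it a saved DDS or ComboFix log with `triage(open(path).read().splitlines())` for a machine of your own. The proxy finding is deliberately phrased as something to confirm, not as a verdict: a public proxy address is a question for the owner, not proof of compromise.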

#13 zippyzoe (Topic Starter)

Posted 15 April 2009 - 11:49 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2007 4:13:52 PM
System Uptime: 4/14/2009 6:12:12 AM (41 hours ago)

Motherboard: | | NF-MCP61
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5600+ | Socket M2 | 2813/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 25.346 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 111.802 GiB free.
F: is CDROM ()
G: is Removable
J: is FIXED (NTFS) - 1397 GiB total, 763.739 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP561: 4/8/2009 1:35:07 AM - System Checkpoint
RP562: 4/8/2009 3:26:59 PM - System Checkpoint
RP563: 4/9/2009 9:23:19 AM - Removed TradeStation 8.5 (Build 2289)
RP564: 4/9/2009 9:25:14 AM - Installed TradeStation 8.5 (Build 2289)
RP565: 4/11/2009 10:52:55 PM - Installed Windows Internet Explorer 8.
RP566: 4/11/2009 10:57:10 PM - Software Distribution Service 3.0
RP567: 4/13/2009 2:27:59 AM - System Checkpoint
RP568: 4/14/2009 3:10:59 AM - System Checkpoint
RP569: 4/14/2009 8:57:50 AM - Avg8 Update
RP570: 4/15/2009 11:33:46 PM - ComboFix created restore point

==== Installed Programs ======================

µTorrent
1400
1400_Help
1400Trb
ACDSee Pro
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan
AiOSoftware
Apple Software Update
AT&T Yahoo! Internet Mail
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoUpdate
AVG 8.5
BetGameDay
BufferChm
C-Media PCI Audio Device
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
CloneDVD 4.1.0.23
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
Duplicate Finder
DVD Flick
DVD Shrink 3.2
eSupportQFolder
Fax
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
hotComm Lite®
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Japanese Fonts Support For Adobe Reader 8
Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
jv16 PowerTools 2009
Logitech G11 Keyboard Software 1.03
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Premium
neroxml
Network Magic
NewCopy
NVIDIA Drivers
PCI Audio Driver
PicLens for Internet Explorer
ProductContext
Pure Networks Platform
QuickTime
Readme
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RegCure 1.5.0.0
ReNamer
Scan
ScannerCopy
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skins
SolutionCenter
Status
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
TradeStation 8.5 (Build 2289)
TrayApp
TreeSize Free V2.1
Turtle Beach Riviera PCI Driver
Unity Web Player
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VLC media player 0.9.4
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.1
WinRAR archiver
World of Warcraft
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/9/2009 4:05:40 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F569F262-31A8-4E79-9532-04FD9C6A7A50} because another computer on the network has the same name. The server could not start.
4/9/2009 4:05:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/8/2009 8:14:52 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
4/8/2009 1:34:17 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'resume.dat.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

#14 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • Local time:03:20 AM

Posted 15 April 2009 - 11:50 PM

Posted the combofix log and the others you requested. Thanks for assisting with my problem. I appreciate it very much.

Zz

#15 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:10:20 AM

Posted 16 April 2009 - 12:37 PM

Hi

Please move the ComboFix.exe file from the e:\downloads folder to your desktop.


Before giving further instructions, I'd like to know whether you are familiar with these proxy settings (especially the IP address on the first line):
uInternet Settings,ProxyServer = 203.82.52.210:8080
uInternet Settings,ProxyOverride = <local>

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
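The proxy question above is worth turning into a repeatable check. Malware on a home PC commonly sets an Internet Explorer proxy so that all non-local browsing is routed through an attacker-controlled host, and the DDS-style lines quoted in the post (`uInternet Settings,ProxyServer = ...`, `ProxyOverride = <local>`) are exactly where that shows up. The Python below is an added example, not code from this thread, from BleepingComputer, or from DDS/ComboFix: it parses such lines from a constructed sample (the two lines from the post plus two invented ones) and flags any ProxyServer entry that points at a public IP address or a hostname rather than a loopback/private address. The reading of the `u`/`m` prefix as HKCU/HKLM is an assumption about the DDS log format, as are the two invented sample lines.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample (not a real log): the two lines quoted in the post above
# plus two invented lines, one loopback proxy and one hostname proxy, so the
# other branches of the classifier are exercised.
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = 203.82.52.210:8080
uInternet Settings,ProxyOverride = <local>
mInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uInternet Settings,ProxyServer = proxy.corp.example:3128
"""

# Assumption: DDS prefixes HKCU entries with 'u' and HKLM entries with 'm'.
LINE_RE = re.compile(
    r"^(?P<hive>[um])Internet Settings,(?P<key>\w+)\s*=\s*(?P<value>.*)$"
)


def parse_proxy_lines(text: str) -> List[Dict[str, str]]:
    """Return one dict per 'Internet Settings' line with hive, key and value."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["hive"] = "HKCU" if d["hive"] == "u" else "HKLM"
        entries.append(d)
    return entries


def split_proxy_value(value: str) -> List[str]:
    """ProxyServer is either 'host:port' or 'scheme=host:port;scheme=host:port'."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # per-scheme form: drop 'http='
            part = part.split("=", 1)[1]
        hosts.append(part)
    return hosts


def classify_proxy_host(hostport: str) -> str:
    """'local' for loopback/private/link-local IPs, 'public' for other IPs,
    'hostname' when the target is a DNS name rather than an address."""
    if hostport.startswith("["):             # bracketed IPv6, e.g. [::1]:8080
        host = hostport[1:hostport.index("]")]
    elif hostport.count(":") == 1:           # IPv4 or name with a port
        host = hostport.split(":", 1)[0]
    else:                                    # no port, or bare IPv6
        host = hostport
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "local"
    return "public"


def find_suspicious_proxies(text: str) -> List[Dict[str, str]]:
    """Flag every ProxyServer target that is not a loopback/private address.
    On a home machine with no corporate proxy, any such entry deserves a
    question like the one the helper asks in the post above."""
    findings = []
    for entry in parse_proxy_lines(text):
        if entry["key"] != "ProxyServer":
            continue
        for hostport in split_proxy_value(entry["value"]):
            kind = classify_proxy_host(hostport)
            if kind != "local":
                findings.append({"hive": entry["hive"], "proxy": hostport, "kind": kind})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_proxies(SAMPLE_LOG):
        print(f"{f['hive']}: proxy {f['proxy']} ({f['kind']} address)")
```

Run against the sample, the check reports the HKCU proxy `203.82.52.210:8080` as a public address and the invented `proxy.corp.example:3128` as an unrecognized hostname, while the loopback proxy is ignored. On the machine itself the same values live under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` (`ProxyEnable`, `ProxyServer`, `ProxyOverride`), so the parser can be pointed at an exported copy of that key just as easily as at a DDS log; a `ProxyOverride` of `<local>` only bypasses the proxy for intranet names, so with a public `ProxyServer` every other request is being relayed through that host.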




