
Google Links Redirecting


This topic is locked. 16 replies to this topic.

#1 afl0ck0fg0ats (Members, 25 posts)

Posted 29 March 2009 - 06:50 PM

Hello, I've been having problems with Google and other search engines. When I search for something and click on a link, I get redirected to an unrelated site, and the only way I can get to the site I wanted is to copy and paste the URL. I googled this problem and found that it's caused by something like Vundo or malware, so I downloaded HijackThis and ran a scan. Here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:28 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8083ECB7-4DAC-4DED-AA61-72730ED0B709}: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{E44DC366-596A-423A-A36C-9917E5783BCA}: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{8083ECB7-4DAC-4DED-AA61-72730ED0B709}: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\..\{8083ECB7-4DAC-4DED-AA61-72730ED0B709}: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.233,85.255.112.19
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5906 bytes

#2 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 29 March 2009 - 07:49 PM

Hello afl0ck0fg0ats,


Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 afl0ck0fg0ats (Topic Starter, Members, 25 posts)

Posted 30 March 2009 - 04:44 PM

Alright, I've got a problem with the Malwarebytes Anti-Malware program. I downloaded it from the sites you gave and installed it, but it doesn't run. I double-click the icon, I tried starting it from Task Manager, and I tried right-clicking the C:\ drive and pressing "Scan with Malwarebytes...", but nothing happened. I restarted the computer and tried again, but it just doesn't open any window or do anything.

#4 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 30 March 2009 - 04:52 PM

Hello,

That's all right. I expect what's going on is you have a rootkit, so let's go about this a different way.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix cannot run, then rename ComboFix.exe to flockofgoats.exe and try it again.

Thanks,
tea

#5 afl0ck0fg0ats (Topic Starter, Members, 25 posts)

Posted 30 March 2009 - 08:50 PM

Okay, got the ComboFix log:

ComboFix 09-03-29.04 - Josh 2009-03-30 20:43:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.111 [GMT -5:00]
Running from: c:\documents and settings\Josh\Desktop\MY Junk Stuff\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Josh\Application Data\inst.exe
c:\recycler\S-7-5-26-100022160-100028112-100018447-1450.com
c:\windows\system32\drivers\gaopdxejtxtetewndppyroyeumjomltrshnlqh.sys
c:\windows\system32\gaopdxcgwalxgxrfdlfudxtpkuyewemnegkdsk.dll
c:\windows\system32\gaopdxcounter

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-30 19:06 . 2009-03-30 19:06 <DIR> d-------- c:\documents and settings\Britta\Application Data\STOPzilla!
2009-03-30 16:33 . 2009-03-30 16:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 16:33 . 2009-03-30 16:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 16:33 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 16:33 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 18:14 . 2009-03-29 18:14 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 18:01 . 2009-03-29 18:01 <DIR> d-------- C:\VundoFix Backups
2009-03-29 17:55 . 2009-03-30 17:30 <DIR> d-------- c:\program files\STOPzilla!
2009-03-29 17:55 . 2009-03-29 17:55 <DIR> d-------- c:\documents and settings\Josh\Application Data\STOPzilla!
2009-03-28 19:16 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-03-28 18:56 . 2009-03-28 18:56 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-28 14:49 . 2009-03-28 14:51 <DIR> d-------- c:\documents and settings\Josh\Application Data\vlc
2009-03-28 14:48 . 2009-03-28 15:47 <DIR> d-------- c:\documents and settings\Josh\Application Data\dvdcss
2009-03-28 14:11 . 2009-03-28 14:11 <DIR> d-------- c:\program files\VideoLAN
2009-03-27 15:21 . 2009-03-27 15:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-03-27 15:11 . 2009-03-27 15:11 14,665,056 --a------ c:\documents and settings\Josh\sAWLPyJtfwQ.exe
2009-03-26 02:05 . 2009-03-30 02:12 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-25 15:40 . 2009-03-27 08:23 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 15:40 . 2009-03-25 15:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-25 15:39 . 2009-03-30 17:51 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 15:39 . 2009-03-25 15:39 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-24 20:21 . 2009-03-24 21:11 158 --a------ c:\documents and settings\Britta\Application Data\wklnhst.dat
2009-03-24 07:27 . 2009-03-24 07:27 <DIR> d-------- c:\program files\Sony Setup
2009-03-22 13:23 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-22 13:23 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-22 13:23 . 2005-08-17 01:46 1,214 -ra------ c:\windows\system32\lxcg.loc
2009-03-22 13:22 . 2009-03-22 20:27 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2009-03-22 13:22 . 2009-03-22 13:23 <DIR> d-------- c:\program files\Lexmark 2300 Series
2009-03-22 11:13 . 2009-03-22 13:38 188 --a------ c:\documents and settings\Josh\Application Data\wklnhst.dat
2009-03-22 11:06 . 2009-03-22 11:07 <DIR> d-------- c:\program files\Microsoft Picture It! 9
2009-03-22 11:03 . 2009-03-24 20:25 376 --a------ c:\windows\ODBC.INI
2009-03-22 11:01 . 2009-03-22 11:01 <DIR> d-------- c:\windows\ShellNew
2009-03-22 11:01 . 2009-03-22 11:01 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-22 10:56 . 2009-03-22 11:03 <DIR> d-------- c:\program files\Microsoft Works
2009-03-22 10:53 . 2009-03-22 10:53 <DIR> d-------- c:\program files\Microsoft Works Suite 2004
2009-03-21 19:09 . 2009-03-28 17:14 <DIR> d-------- c:\documents and settings\Josh\Application Data\gtk-2.0
2009-03-21 19:09 . 2009-03-28 17:05 <DIR> d-------- c:\documents and settings\Josh\.thumbnails
2009-03-21 19:06 . 2009-03-28 18:51 <DIR> d-------- c:\documents and settings\Josh\.gimp-2.6
2009-03-21 19:05 . 2009-03-21 19:06 <DIR> d-------- c:\documents and settings\Josh\.gegl-0.0
2009-03-21 19:04 . 2009-03-21 19:04 <DIR> d-------- c:\program files\GIMP-2.0
2009-03-20 15:02 . 2009-03-20 15:02 <DIR> d-------- c:\program files\Xilisoft
2009-03-18 21:39 . 2009-03-18 21:39 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-03-18 20:32 . 2009-03-18 20:32 <DIR> d-------- c:\documents and settings\Josh\Application Data\NCH Software
2009-03-18 15:47 . 2009-03-18 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2009-03-18 15:46 . 2009-03-20 07:27 <DIR> d-------- c:\program files\NCH Software
2009-03-11 22:10 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-11 22:03 . 2009-03-22 10:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 21:47 . 2009-03-11 21:57 <DIR> d-------- c:\documents and settings\Josh\Application Data\GetRightToGo
2009-03-04 23:06 . 2009-03-27 16:00 <DIR> d-------- c:\documents and settings\Josh\Application Data\FrostWire
2009-03-03 16:56 . 2009-03-03 16:56 <DIR> d-------- c:\documents and settings\Britta\Application Data\AdobeUM
2009-03-03 08:47 . 2005-07-28 12:38 <DIR> d-------- c:\documents and settings\Maria & Greta\WINDOWS
2009-03-03 08:47 . 2009-03-25 15:41 <DIR> d-------- c:\documents and settings\Maria & Greta
2009-03-03 08:47 . 2004-08-04 14:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-01 13:51 . 2009-03-01 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-03-01 13:44 . 2009-03-20 16:06 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-02-26 19:21 . 2009-03-04 22:39 <DIR> d-------- c:\documents and settings\Josh\Application Data\Apple Computer
2009-02-26 18:38 . 2009-02-26 18:39 <DIR> d-------- c:\documents and settings\Josh\Application Data\Vso
2009-02-26 18:38 . 2009-02-26 18:38 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-26 18:38 . 2009-02-26 18:38 47,360 --a------ c:\documents and settings\Josh\Application Data\pcouffin.sys
2009-02-26 18:37 . 2009-02-26 18:38 <DIR> d-------- c:\program files\DVDFab 5
2009-02-24 21:11 . 2009-02-24 21:11 0 --ah----- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-02-24 21:11 . 2009-02-24 21:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-02-24 21:10 . 2009-02-24 21:10 0 --ah----- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-02-24 21:01 . 2009-02-24 21:01 <DIR> d-------- c:\documents and settings\Josh\Application Data\AdobeUM
2009-02-24 21:00 . 2009-03-28 18:59 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-24 04:00 . 2009-02-24 04:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-23 08:36 . 2009-02-23 09:00 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-22 20:23 . 2009-02-22 20:23 <DIR> d-------- c:\documents and settings\Britta\Application Data\Apple Computer
2009-02-22 20:22 . 2009-02-22 20:22 <DIR> d-------- c:\program files\iTunes
2009-02-22 20:22 . 2009-02-22 20:22 <DIR> d-------- c:\program files\iPod
2009-02-22 20:22 . 2009-02-22 20:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-22 20:22 . 2008-04-17 14:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-22 20:22 . 2008-04-17 14:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-22 20:21 . 2009-02-22 20:21 <DIR> d-------- c:\program files\Bonjour
2009-02-22 20:20 . 2009-02-22 20:21 <DIR> d-------- c:\program files\QuickTime
2009-02-22 20:20 . 2009-02-22 20:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-22 20:19 . 2009-02-22 20:22 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-22 20:19 . 2009-02-22 20:22 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-22 20:19 . 2009-02-22 20:19 <DIR> d-------- c:\program files\Apple Software Update
2009-02-22 20:19 . 2009-02-22 20:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-22 18:31 . 2009-02-22 18:31 <DIR> d-------- c:\windows\Sun
2009-02-22 15:43 . 2009-03-30 20:33 <DIR> d-------- c:\documents and settings\Britta\Application Data\FrostWire
2009-02-22 15:41 . 2009-02-22 15:41 <DIR> d-------- c:\program files\Java
2009-02-22 15:41 . 2009-02-22 15:41 <DIR> d-------- c:\program files\Common Files\Java
2009-02-22 15:41 . 2008-06-10 03:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-22 15:39 . 2009-03-04 23:07 <DIR> d-------- c:\program files\FrostWire
2009-02-22 15:39 . 2009-03-02 21:09 <DIR> d-------- c:\program files\AskBarDis
2009-02-22 15:35 . 2009-02-22 18:05 <DIR> d-------- c:\documents and settings\Britta\Application Data\uTorrent
2009-02-22 15:05 . 2009-02-22 15:05 <DIR> d-------- c:\windows\Watson
2009-02-22 15:05 . 2009-02-22 15:05 <DIR> d-------- c:\program files\Microsoft Games
2009-02-22 14:38 . 2009-02-22 14:38 118 --a------ c:\windows\system32\MRT.INI
2009-02-22 14:04 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-22 14:04 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-22 14:01 . 2009-02-22 14:01 <DIR> d-------- c:\program files\uTorrent
2009-02-22 14:01 . 2009-03-29 19:41 <DIR> d-------- c:\documents and settings\Josh\Application Data\uTorrent
2009-02-22 13:59 . 2008-08-14 05:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-22 13:59 . 2008-08-14 04:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-22 13:59 . 2008-08-14 04:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-22 13:59 . 2008-08-14 04:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-22 13:48 . 2009-02-22 13:48 <DIR> d-------- c:\program files\VIA
2009-02-22 13:47 . 2006-06-14 04:00 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-02-22 13:47 . 2006-06-14 04:00 82,944 --a--c--- c:\windows\system32\dllcache\wdmaud.sys
2009-02-22 13:47 . 2004-08-04 00:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2009-02-22 13:47 . 2004-08-04 00:07 52,864 --a--c--- c:\windows\system32\dllcache\dmusic.sys
2009-02-22 13:47 . 2006-06-14 03:47 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2009-02-22 13:47 . 2006-06-14 03:47 6,400 --a--c--- c:\windows\system32\dllcache\splitter.sys
2009-02-22 13:45 . 2009-02-22 13:45 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-02-22 13:45 . 2009-02-22 13:45 <DIR> d-------- c:\program files\AvRack
2009-02-22 13:45 . 2005-05-13 16:19 15,692,800 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-02-22 13:12 . 2009-02-22 13:12 <DIR> d-------- c:\program files\S3
2009-02-22 12:56 . 2009-02-22 13:35 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-22 12:40 . 2009-02-22 13:28 <DIR> d-------- C:\cabs
2009-02-22 12:21 . 2009-02-22 12:21 <DIR> d-------- c:\program files\Western Digital Technologies
2009-02-22 12:10 . 2008-03-21 14:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-22 12:10 . 2009-02-22 12:10 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-22 12:10 . 2009-02-22 12:10 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-02-22 12:07 . 2009-02-22 12:09 <DIR> d-------- c:\program files\Zune
2009-02-22 12:06 . 2009-03-11 16:21 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-22 12:06 . 2008-05-02 08:30 464,384 --------- c:\windows\system32\imapi2fs.dll
2009-02-22 12:06 . 2008-05-02 08:30 464,384 -----c--- c:\windows\system32\dllcache\imapi2fs.dll
2009-02-22 12:06 . 2008-05-02 08:30 317,952 --------- c:\windows\system32\imapi2.dll
2009-02-22 12:06 . 2008-05-02 08:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll
2009-02-22 12:06 . 2008-05-02 04:05 62,592 -----c--- c:\windows\system32\dllcache\cdrom.sys
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-22 12:04 . 2009-02-24 21:10 <DIR> d-------- c:\windows\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-12-12 18:41 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-12-12 18:41 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-12-05 07:12 144,896 ----a-w c:\windows\system32\schannel.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 23:08 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-25 1932568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"STOPzilla"="c:\program files\STOPzilla!\Stopzilla.exe" [2003-11-10 36864]
"SoundMan"="SOUNDMAN.EXE" [2005-05-13 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

c:\documents and settings\Britta\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-09-03 114688]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-25 15:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-25 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [2003-11-09 45056]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\3rhu4hzg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 20:46:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 20:47:59
ComboFix-quarantined-files.txt 2009-03-31 01:47:52

Pre-Run: 81,615,683,584 bytes free
Post-Run: 82,331,254,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2009-03-30 22:43:26

and the updated HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:41 PM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\..\{8083ECB7-4DAC-4DED-AA61-72730ED0B709}: NameServer = 85.255.112.233,85.255.112.19
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5219 bytes

Edited by afl0ck0fg0ats, 30 March 2009 - 08:53 PM.
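
The two O17 lines in the log above are the actual cause of the redirects: both the Tcpip\Parameters key of control set CS2 and one per-interface key have NameServer set to 85.255.112.233 and 85.255.112.19. A statically set NameServer overrides whatever the router hands out over DHCP, so every lookup the browser makes is answered by those two resolvers, which can return any address they like for a search-result click. The AskBar BHO and toolbar are separate junk. As an added example (not code from the thread or from HijackThis), the Python below parses O17 lines, flags any resolver outside an allow-list, and reports which control sets carry a rogue value. The first two sample lines are copied from the log above; the third line with an all-zero GUID is a constructed benign entry, and the RFC1918 allow-list is an assumption standing in for the resolvers the user's ISP or router really provides.

```python
"""Triage the O17 (DNS NameServer) lines of a HijackThis log.

Added example, not code from the thread or from HijackThis. The first two
sample lines are copied from the log above; the third (all-zero GUID) is a
constructed benign entry, and the allow-list is an assumption standing in for
whatever resolvers the user's ISP or router really hands out.
"""
import ipaddress
import re
from typing import Dict, List, Set

SAMPLE_LOG = r"""
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\..\{8083ECB7-4DAC-4DED-AA61-72730ED0B709}: NameServer = 85.255.112.233,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumption: a home LAN where the only legitimate resolver is the router on an
# RFC1918 address. Anything outside these ranges is reported.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>\S.*)$")
CONTROL_SET_RE = re.compile(r"\\(CS\d+|CCS)\\")


def parse_o17(log: str) -> List[Dict[str, object]]:
    """One record per O17 line: registry key, control set, list of resolvers."""
    records: List[Dict[str, object]] = []
    for raw in log.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        key = m.group("key")
        cs = CONTROL_SET_RE.search(key)
        # XP stores NameServer as one string; entries are comma or space separated.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        records.append({"key": key,
                        "control_set": cs.group(1) if cs else "?",
                        "servers": servers})
    return records


def is_expected(server: str) -> bool:
    """True only for resolvers inside EXPECTED_RESOLVERS."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False  # a hostname in NameServer is itself worth a look
    return any(ip in net for net in EXPECTED_RESOLVERS)


def triage(log: str) -> List[Dict[str, object]]:
    """O17 records that send at least one lookup to an unexpected resolver."""
    findings = []
    for rec in parse_o17(log):
        bad = [s for s in rec["servers"] if not is_expected(s)]
        if bad:
            findings.append({**rec, "unexpected": bad})
    return findings


def hijacked_control_sets(log: str) -> Set[str]:
    """Control sets still carrying a rogue resolver. Every one of them has to
    be fixed: if only the current set is cleaned and another still holds the
    value, booting 'Last Known Good Configuration' can bring the hijack back."""
    return {str(f["control_set"]) for f in triage(log)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['control_set']}] {f['key']} -> {', '.join(f['unexpected'])}")
    print("control sets affected:", sorted(hijacked_control_sets(SAMPLE_LOG)))
```

On the machine itself the same values can be read without HijackThis with `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v NameServer` and `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s /v NameServer`, repeating for ControlSet001 and ControlSet002; a cleanup is only complete when none of them return an address the user did not configure.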


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:12 PM

Posted 30 March 2009 - 09:01 PM

Hello,

Yep... that's some nasty rootkit garbage. Hang around for just a few minutes so I can put this script together for you. In the meantime, please let me know how it's running. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 afl0ck0fg0ats

afl0ck0fg0ats
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 30 March 2009 - 09:16 PM

Well, my original problem is fixed; the search engines work fine now. But I don't know how to read all these logs, so I don't really know if everything is gone.

#8 teacup61 (Malware Response Team)

Posted 30 March 2009 - 09:18 PM

Hello,

Thanks. :thumbup2: Glad it's better.

Looks like just junk now... like the AskBar.

* Open Notepad (don't use any other text editor than Notepad, or the script will fail).
Copy/paste the text in the quote box below into Notepad:

Folder::
C:\VundoFix Backups
c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
c:\program files\AskBarDis

File::
c:\documents and settings\Josh\sAWLPyJtfwQ.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply. We'll finish up after that. :)

Thanks,
tea

#9 afl0ck0fg0ats (Topic Starter)

Posted 30 March 2009 - 09:37 PM

OK, here's the final ComboFix log. When it ran, it didn't say it deleted anything, so I hope that means it's clean now:


ComboFix 09-03-30.01 - Josh 2009-03-30 21:31:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.119 [GMT -5:00]
Running from: c:\documents and settings\Josh\Desktop\MY Junk Stuff\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-30 21:30 . 2009-03-30 21:31 <DIR> d-------- C:\32788R22FWJFW
2009-03-30 19:06 . 2009-03-30 19:06 <DIR> d-------- c:\documents and settings\Britta\Application Data\STOPzilla!
2009-03-30 16:33 . 2009-03-30 16:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 16:33 . 2009-03-30 16:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 16:33 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 16:33 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 18:14 . 2009-03-29 18:14 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 18:01 . 2009-03-29 18:01 <DIR> d-------- C:\VundoFix Backups
2009-03-29 17:55 . 2009-03-30 17:30 <DIR> d-------- c:\program files\STOPzilla!
2009-03-29 17:55 . 2009-03-29 17:55 <DIR> d-------- c:\documents and settings\Josh\Application Data\STOPzilla!
2009-03-28 19:16 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-03-28 18:56 . 2009-03-28 18:56 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-28 14:49 . 2009-03-28 14:51 <DIR> d-------- c:\documents and settings\Josh\Application Data\vlc
2009-03-28 14:48 . 2009-03-28 15:47 <DIR> d-------- c:\documents and settings\Josh\Application Data\dvdcss
2009-03-28 14:11 . 2009-03-28 14:11 <DIR> d-------- c:\program files\VideoLAN
2009-03-27 15:21 . 2009-03-27 15:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-03-27 15:11 . 2009-03-27 15:11 14,665,056 --a------ c:\documents and settings\Josh\sAWLPyJtfwQ.exe
2009-03-26 02:05 . 2009-03-30 02:12 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-25 15:40 . 2009-03-27 08:23 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 15:40 . 2009-03-25 15:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-25 15:39 . 2009-03-30 17:51 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 15:39 . 2009-03-25 15:39 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-24 20:21 . 2009-03-24 21:11 158 --a------ c:\documents and settings\Britta\Application Data\wklnhst.dat
2009-03-24 07:27 . 2009-03-24 07:27 <DIR> d-------- c:\program files\Sony Setup
2009-03-22 13:23 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-22 13:23 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-22 13:23 . 2005-08-17 01:46 1,214 -ra------ c:\windows\system32\lxcg.loc
2009-03-22 13:22 . 2009-03-22 20:27 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2009-03-22 13:22 . 2009-03-22 13:23 <DIR> d-------- c:\program files\Lexmark 2300 Series
2009-03-22 11:13 . 2009-03-22 13:38 188 --a------ c:\documents and settings\Josh\Application Data\wklnhst.dat
2009-03-22 11:06 . 2009-03-22 11:07 <DIR> d-------- c:\program files\Microsoft Picture It! 9
2009-03-22 11:03 . 2009-03-24 20:25 376 --a------ c:\windows\ODBC.INI
2009-03-22 11:01 . 2009-03-22 11:01 <DIR> d-------- c:\windows\ShellNew
2009-03-22 11:01 . 2009-03-22 11:01 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-22 10:56 . 2009-03-22 11:03 <DIR> d-------- c:\program files\Microsoft Works
2009-03-22 10:53 . 2009-03-22 10:53 <DIR> d-------- c:\program files\Microsoft Works Suite 2004
2009-03-21 19:09 . 2009-03-28 17:14 <DIR> d-------- c:\documents and settings\Josh\Application Data\gtk-2.0
2009-03-21 19:09 . 2009-03-28 17:05 <DIR> d-------- c:\documents and settings\Josh\.thumbnails
2009-03-21 19:06 . 2009-03-28 18:51 <DIR> d-------- c:\documents and settings\Josh\.gimp-2.6
2009-03-21 19:05 . 2009-03-21 19:06 <DIR> d-------- c:\documents and settings\Josh\.gegl-0.0
2009-03-21 19:04 . 2009-03-21 19:04 <DIR> d-------- c:\program files\GIMP-2.0
2009-03-20 15:02 . 2009-03-20 15:02 <DIR> d-------- c:\program files\Xilisoft
2009-03-18 21:39 . 2009-03-18 21:39 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-03-18 20:32 . 2009-03-18 20:32 <DIR> d-------- c:\documents and settings\Josh\Application Data\NCH Software
2009-03-18 15:47 . 2009-03-18 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2009-03-18 15:46 . 2009-03-20 07:27 <DIR> d-------- c:\program files\NCH Software
2009-03-11 22:10 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-11 22:03 . 2009-03-22 10:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 21:47 . 2009-03-11 21:57 <DIR> d-------- c:\documents and settings\Josh\Application Data\GetRightToGo
2009-03-04 23:06 . 2009-03-27 16:00 <DIR> d-------- c:\documents and settings\Josh\Application Data\FrostWire
2009-03-03 16:56 . 2009-03-03 16:56 <DIR> d-------- c:\documents and settings\Britta\Application Data\AdobeUM
2009-03-03 08:47 . 2005-07-28 12:38 <DIR> d-------- c:\documents and settings\Maria & Greta\WINDOWS
2009-03-03 08:47 . 2009-03-25 15:41 <DIR> d-------- c:\documents and settings\Maria & Greta
2009-03-03 08:47 . 2004-08-04 14:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-01 13:51 . 2009-03-01 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-03-01 13:44 . 2009-03-20 16:06 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-02-26 19:21 . 2009-03-04 22:39 <DIR> d-------- c:\documents and settings\Josh\Application Data\Apple Computer
2009-02-26 18:38 . 2009-02-26 18:39 <DIR> d-------- c:\documents and settings\Josh\Application Data\Vso
2009-02-26 18:38 . 2009-02-26 18:38 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-26 18:38 . 2009-02-26 18:38 47,360 --a------ c:\documents and settings\Josh\Application Data\pcouffin.sys
2009-02-26 18:37 . 2009-02-26 18:38 <DIR> d-------- c:\program files\DVDFab 5
2009-02-24 21:11 . 2009-02-24 21:11 0 --ah----- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-02-24 21:11 . 2009-02-24 21:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-02-24 21:10 . 2009-02-24 21:10 0 --ah----- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-02-24 21:01 . 2009-02-24 21:01 <DIR> d-------- c:\documents and settings\Josh\Application Data\AdobeUM
2009-02-24 21:00 . 2009-03-28 18:59 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-24 04:00 . 2009-02-24 04:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-23 08:36 . 2009-02-23 09:00 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-22 20:23 . 2009-02-22 20:23 <DIR> d-------- c:\documents and settings\Britta\Application Data\Apple Computer
2009-02-22 20:22 . 2009-02-22 20:22 <DIR> d-------- c:\program files\iTunes
2009-02-22 20:22 . 2009-02-22 20:22 <DIR> d-------- c:\program files\iPod
2009-02-22 20:22 . 2009-02-22 20:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-22 20:22 . 2008-04-17 14:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-22 20:22 . 2008-04-17 14:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-22 20:21 . 2009-02-22 20:21 <DIR> d-------- c:\program files\Bonjour
2009-02-22 20:20 . 2009-02-22 20:21 <DIR> d-------- c:\program files\QuickTime
2009-02-22 20:20 . 2009-02-22 20:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-22 20:19 . 2009-02-22 20:22 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-22 20:19 . 2009-02-22 20:22 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-22 20:19 . 2009-02-22 20:19 <DIR> d-------- c:\program files\Apple Software Update
2009-02-22 20:19 . 2009-02-22 20:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-22 18:31 . 2009-02-22 18:31 <DIR> d-------- c:\windows\Sun
2009-02-22 15:43 . 2009-03-30 20:33 <DIR> d-------- c:\documents and settings\Britta\Application Data\FrostWire
2009-02-22 15:41 . 2009-02-22 15:41 <DIR> d-------- c:\program files\Java
2009-02-22 15:41 . 2009-02-22 15:41 <DIR> d-------- c:\program files\Common Files\Java
2009-02-22 15:41 . 2008-06-10 03:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-22 15:39 . 2009-03-04 23:07 <DIR> d-------- c:\program files\FrostWire
2009-02-22 15:39 . 2009-03-02 21:09 <DIR> d-------- c:\program files\AskBarDis
2009-02-22 15:35 . 2009-02-22 18:05 <DIR> d-------- c:\documents and settings\Britta\Application Data\uTorrent
2009-02-22 15:05 . 2009-02-22 15:05 <DIR> d-------- c:\windows\Watson
2009-02-22 15:05 . 2009-02-22 15:05 <DIR> d-------- c:\program files\Microsoft Games
2009-02-22 14:38 . 2009-02-22 14:38 118 --a------ c:\windows\system32\MRT.INI
2009-02-22 14:04 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-22 14:04 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-22 14:01 . 2009-02-22 14:01 <DIR> d-------- c:\program files\uTorrent
2009-02-22 14:01 . 2009-03-29 19:41 <DIR> d-------- c:\documents and settings\Josh\Application Data\uTorrent
2009-02-22 13:59 . 2008-08-14 05:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-22 13:59 . 2008-08-14 04:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-22 13:59 . 2008-08-14 04:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-22 13:59 . 2008-08-14 04:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-22 13:48 . 2009-02-22 13:48 <DIR> d-------- c:\program files\VIA
2009-02-22 13:47 . 2006-06-14 04:00 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-02-22 13:47 . 2006-06-14 04:00 82,944 --a--c--- c:\windows\system32\dllcache\wdmaud.sys
2009-02-22 13:47 . 2004-08-04 00:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2009-02-22 13:47 . 2004-08-04 00:07 52,864 --a--c--- c:\windows\system32\dllcache\dmusic.sys
2009-02-22 13:47 . 2006-06-14 03:47 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2009-02-22 13:47 . 2006-06-14 03:47 6,400 --a--c--- c:\windows\system32\dllcache\splitter.sys
2009-02-22 13:45 . 2009-02-22 13:45 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-02-22 13:45 . 2009-02-22 13:45 <DIR> d-------- c:\program files\AvRack
2009-02-22 13:45 . 2005-05-13 16:19 15,692,800 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-02-22 13:12 . 2009-02-22 13:12 <DIR> d-------- c:\program files\S3
2009-02-22 12:56 . 2009-02-22 13:35 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-22 12:40 . 2009-02-22 13:28 <DIR> d-------- C:\cabs
2009-02-22 12:21 . 2009-02-22 12:21 <DIR> d-------- c:\program files\Western Digital Technologies
2009-02-22 12:10 . 2008-03-21 14:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-22 12:10 . 2009-02-22 12:10 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-22 12:10 . 2009-02-22 12:10 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-02-22 12:07 . 2009-02-22 12:09 <DIR> d-------- c:\program files\Zune
2009-02-22 12:06 . 2009-03-11 16:21 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-22 12:06 . 2008-05-02 08:30 464,384 --------- c:\windows\system32\imapi2fs.dll
2009-02-22 12:06 . 2008-05-02 08:30 464,384 -----c--- c:\windows\system32\dllcache\imapi2fs.dll
2009-02-22 12:06 . 2008-05-02 08:30 317,952 --------- c:\windows\system32\imapi2.dll
2009-02-22 12:06 . 2008-05-02 08:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll
2009-02-22 12:06 . 2008-05-02 04:05 62,592 -----c--- c:\windows\system32\dllcache\cdrom.sys
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-12-12 18:41 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-12-12 18:41 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-12-05 07:12 144,896 ----a-w c:\windows\system32\schannel.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 23:08 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-25 1932568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"STOPzilla"="c:\program files\STOPzilla!\Stopzilla.exe" [2003-11-10 36864]
"SoundMan"="SOUNDMAN.EXE" [2005-05-13 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

c:\documents and settings\Britta\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-09-03 114688]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-25 15:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-25 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [2003-11-09 45056]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\3rhu4hzg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 21:33:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 21:35:05
ComboFix-quarantined-files.txt 2009-03-31 02:35:00
ComboFix2.txt 2009-03-31 01:48:00

Pre-Run: 82,344,882,176 bytes free
Post-Run: 82,331,193,344 bytes free

232 --- E O F --- 2009-03-30 22:43:26

#10 teacup61 (Malware Response Team)

Posted 30 March 2009 - 10:03 PM

Hello,

Everything is still the same... are you sure the script saved right when you dragged it over to ComboFix?
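
What told teacup61 that "everything is still the same" is visible in the log itself. The log of the run that did consume the script (post #13) carries a "Command switches used ::" line naming CFScript.txt and an "Other Deletions" section listing the removed paths; the post #9 log has neither, and still shows c:\documents and settings\Josh\sAWLPyJtfwQ.exe under Files Created and the AskBarDis toolbar under Reg Loading Points. As an added example (not part of the thread and not ComboFix's own tooling), the Python below parses a CFScript and a ComboFix log and reports whether the script ran, which Folder/File targets appear under Other Deletions, and which Registry targets are still listed afterwards. The three inputs are abridged copies of the script from post #8 and the logs from posts #9 and #13; the log layout assumed here is only what those posts show. Note that Other Deletions can also contain items the script never named (E:\resycled in post #13), which is why the comparison is done per target rather than by counting lines.

```python
"""Check whether a ComboFix run actually consumed a CFScript.

Added example, not part of the thread and not ComboFix's own tooling. The
script and the two log excerpts are abridged copies of posts #8, #9 and #13;
the log layout assumed here is only what those posts show.
"""
import re
from typing import Dict, List

CFSCRIPT = r"""
Folder::
C:\VundoFix Backups
c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
c:\program files\AskBarDis

File::
c:\documents and settings\Josh\sAWLPyJtfwQ.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"""

# Post #9 (abridged): no script consumed, targets still present.
LOG_BEFORE = r"""
ComboFix 09-03-30.01 - Josh 2009-03-30 21:31:56.2 - NTFSx86
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
2009-03-27 15:11 . 2009-03-27 15:11 14,665,056 --a------ c:\documents and settings\Josh\sAWLPyJtfwQ.exe
2009-02-22 15:39 . 2009-03-02 21:09 <DIR> d-------- c:\program files\AskBarDis
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]
"""

# Post #13 (abridged): script consumed, deletions reported.
LOG_AFTER = r"""
ComboFix 09-04-01.01 - Josh 2009-04-01 15:07:26.3 - NTFSx86
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Josh\sAWLPyJtfwQ.exe
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
C:\VundoFix Backups
E:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
2009-03-29 18:14 . 2009-03-29 18:14 <DIR> d-------- c:\program files\Trend Micro
"""

# ComboFix section banners look like "((((( Name )))))".
SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split 'Folder::' / 'File::' / 'Registry::' blocks into lists of entries."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix(text: str) -> Dict[str, object]:
    """Return the script path named in the log (None if none) and the
    paths listed under 'Other Deletions'."""
    script_path, deletions, section = None, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Command switches used ::"):
            script_path = line.split("::", 1)[1].strip()
        elif SECTION_RE.match(line):
            section = SECTION_RE.match(line).group("name")
        elif section == "Other Deletions" and line not in ("", "."):
            deletions.append(line)
    return {"script_path": script_path, "deletions": deletions}


def verify(cfscript: str, log: str) -> Dict[str, object]:
    """Did the script run, which Folder/File targets are reported deleted, and
    which Registry targets are still listed anywhere in the log afterwards?"""
    script, cf = parse_cfscript(cfscript), parse_combofix(log)
    deleted = {d.lower() for d in cf["deletions"]}  # ComboFix lower-cases drives
    targets = script.get("Folder", []) + script.get("File", [])
    # '[-KEY]' in a CFScript means 'delete KEY'; strip the brackets and the dash.
    keys = [r.strip("[]").lstrip("-") for r in script.get("Registry", [])]
    return {
        "script_used": cf["script_path"] is not None,
        "removed": [t for t in targets if t.lower() in deleted],
        "not_removed": [t for t in targets if t.lower() not in deleted],
        "registry_still_listed": [k for k in keys if k.lower() in log.lower()],
    }


if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(name, verify(CFSCRIPT, log))
```

Run against the post #9 excerpt it reports no script, nothing removed and both registry keys still listed; against the post #13 excerpt it reports the script path, all four Folder/File targets removed and no registry key left, which is the state the thread was waiting for.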

#11 afl0ck0fg0ats (Topic Starter)

Posted 30 March 2009 - 10:11 PM

It didn't, really; it said it couldn't find some file where to save it. I searched for it on my computer, and the date on the log said it was the right one.


I'm going in for the night. Everything is running fine, so I'm pretty sure it worked. Thanks, I'll check it again in the morning.

Edited by afl0ck0fg0ats, 30 March 2009 - 10:14 PM.


#12 teacup61 (Malware Response Team)

Posted 30 March 2009 - 10:14 PM

Hi,

Save it to your Desktop as CFScript, just like the directions say, and try it again.

#13 afl0ck0fg0ats (Topic Starter)

Posted 01 April 2009 - 03:20 PM

Alright, sorry it took so long. Here's the new ComboFix log after I brought your script into it; it saved right this time:


ComboFix 09-04-01.01 - Josh 2009-04-01 15:07:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.113 [GMT -5:00]
Running from: c:\documents and settings\Josh\Desktop\MY Junk Stuff\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Josh\sAWLPyJtfwQ.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Josh\sAWLPyJtfwQ.exe
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\064CBEF9.bin
c:\program files\AskBarDis\bar\Cache\064CC35E.bin
c:\program files\AskBarDis\bar\Cache\064CC439.bin
c:\program files\AskBarDis\bar\Cache\064CC514.bin
c:\program files\AskBarDis\bar\Cache\064CC63D.bin
c:\program files\AskBarDis\bar\Cache\064CC775.bin
c:\program files\AskBarDis\bar\Cache\19A3C62C
c:\program files\AskBarDis\bar\Cache\19A3D128.bin
c:\program files\AskBarDis\bar\Cache\19A3D37A.bin
c:\program files\AskBarDis\bar\Cache\19A3D658.bin
c:\program files\AskBarDis\bar\Cache\19A3D7DF.bin
c:\program files\AskBarDis\bar\Cache\19A3D8E8.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
C:\VundoFix Backups
E:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-03-31 14:55 . 2005-07-28 12:38 <DIR> d-------- c:\documents and settings\Guest\WINDOWS
2009-03-31 14:55 . 2009-03-31 14:55 <DIR> d-------- c:\documents and settings\Guest\Application Data\STOPzilla!
2009-03-31 14:55 . 2009-03-31 14:55 <DIR> d-------- c:\documents and settings\Guest
2009-03-30 19:06 . 2009-03-30 19:06 <DIR> d-------- c:\documents and settings\Britta\Application Data\STOPzilla!
2009-03-30 16:33 . 2009-03-30 16:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 16:33 . 2009-03-30 16:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 16:33 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 16:33 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 18:14 . 2009-03-29 18:14 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 17:55 . 2009-03-31 14:56 <DIR> d-------- c:\program files\STOPzilla!
2009-03-29 17:55 . 2009-03-29 17:55 <DIR> d-------- c:\documents and settings\Josh\Application Data\STOPzilla!
2009-03-28 19:16 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-03-28 18:56 . 2009-03-28 18:56 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-28 14:49 . 2009-03-28 14:51 <DIR> d-------- c:\documents and settings\Josh\Application Data\vlc
2009-03-28 14:48 . 2009-03-28 15:47 <DIR> d-------- c:\documents and settings\Josh\Application Data\dvdcss
2009-03-28 14:11 . 2009-03-28 14:11 <DIR> d-------- c:\program files\VideoLAN
2009-03-27 15:21 . 2009-03-27 15:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-03-26 02:05 . 2009-04-01 02:50 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-25 15:40 . 2009-03-27 08:23 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 15:40 . 2009-03-25 15:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-25 15:39 . 2009-04-01 09:21 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 15:39 . 2009-03-25 15:39 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-24 20:21 . 2009-03-24 21:11 158 --a------ c:\documents and settings\Britta\Application Data\wklnhst.dat
2009-03-24 07:27 . 2009-03-24 07:27 <DIR> d-------- c:\program files\Sony Setup
2009-03-22 13:23 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-22 13:23 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-22 13:23 . 2005-08-17 01:46 1,214 -ra------ c:\windows\system32\lxcg.loc
2009-03-22 13:22 . 2009-03-22 13:23 <DIR> d-------- c:\program files\Lexmark 2300 Series
2009-03-22 11:13 . 2009-03-22 13:38 188 --a------ c:\documents and settings\Josh\Application Data\wklnhst.dat
2009-03-22 11:06 . 2009-03-22 11:07 <DIR> d-------- c:\program files\Microsoft Picture It! 9
2009-03-22 11:03 . 2009-03-24 20:25 376 --a------ c:\windows\ODBC.INI
2009-03-22 11:01 . 2009-03-22 11:01 <DIR> d-------- c:\windows\ShellNew
2009-03-22 11:01 . 2009-03-22 11:01 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-22 10:56 . 2009-03-22 11:03 <DIR> d-------- c:\program files\Microsoft Works
2009-03-22 10:53 . 2009-03-22 10:53 <DIR> d-------- c:\program files\Microsoft Works Suite 2004
2009-03-21 19:09 . 2009-03-28 17:14 <DIR> d-------- c:\documents and settings\Josh\Application Data\gtk-2.0
2009-03-21 19:09 . 2009-03-28 17:05 <DIR> d-------- c:\documents and settings\Josh\.thumbnails
2009-03-21 19:06 . 2009-03-28 18:51 <DIR> d-------- c:\documents and settings\Josh\.gimp-2.6
2009-03-21 19:05 . 2009-03-21 19:06 <DIR> d-------- c:\documents and settings\Josh\.gegl-0.0
2009-03-21 19:04 . 2009-03-21 19:04 <DIR> d-------- c:\program files\GIMP-2.0
2009-03-20 15:02 . 2009-03-20 15:02 <DIR> d-------- c:\program files\Xilisoft
2009-03-18 21:39 . 2009-03-18 21:39 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-03-18 20:32 . 2009-03-18 20:32 <DIR> d-------- c:\documents and settings\Josh\Application Data\NCH Software
2009-03-18 15:47 . 2009-03-18 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2009-03-18 15:46 . 2009-03-20 07:27 <DIR> d-------- c:\program files\NCH Software
2009-03-11 22:10 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-11 22:03 . 2009-03-22 10:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 21:47 . 2009-03-11 21:57 <DIR> d-------- c:\documents and settings\Josh\Application Data\GetRightToGo
2009-03-04 23:06 . 2009-03-27 16:00 <DIR> d-------- c:\documents and settings\Josh\Application Data\FrostWire
2009-03-03 16:56 . 2009-03-03 16:56 <DIR> d-------- c:\documents and settings\Britta\Application Data\AdobeUM
2009-03-03 08:47 . 2005-07-28 12:38 <DIR> d-------- c:\documents and settings\Maria & Greta\WINDOWS
2009-03-03 08:47 . 2009-03-25 15:41 <DIR> d-------- c:\documents and settings\Maria & Greta
2009-03-03 08:47 . 2004-08-04 14:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-01 13:51 . 2009-03-01 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-03-01 13:44 . 2009-03-20 16:06 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 19:55 --------- d-----w c:\documents and settings\Britta\Application Data\FrostWire
2009-03-30 00:41 --------- d-----w c:\documents and settings\Josh\Application Data\uTorrent
2009-03-28 23:59 --------- d-----w c:\program files\Common Files\Adobe
2009-03-25 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-05 04:07 --------- d-----w c:\program files\FrostWire
2009-03-05 03:39 --------- d-----w c:\documents and settings\Josh\Application Data\Apple Computer
2009-02-26 23:39 --------- d-----w c:\documents and settings\Josh\Application Data\Vso
2009-02-26 23:38 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-02-26 23:38 47,360 ----a-w c:\documents and settings\Josh\Application Data\pcouffin.sys
2009-02-26 23:38 --------- d-----w c:\program files\DVDFab 5
2009-02-25 02:11 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-02-25 02:11 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-02-25 02:10 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-02-25 02:01 --------- d-----w c:\documents and settings\Josh\Application Data\AdobeUM
2009-02-24 09:00 --------- d-----w c:\program files\MSXML 4.0
2009-02-23 01:23 --------- d-----w c:\documents and settings\Britta\Application Data\Apple Computer
2009-02-23 01:22 --------- d-----w c:\program files\iTunes
2009-02-23 01:22 --------- d-----w c:\program files\iPod
2009-02-23 01:22 --------- d-----w c:\program files\Common Files\Apple
2009-02-23 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-23 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-23 01:21 --------- d-----w c:\program files\QuickTime
2009-02-23 01:21 --------- d-----w c:\program files\Bonjour
2009-02-23 01:19 --------- d-----w c:\program files\Apple Software Update
2009-02-23 01:19 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-22 23:05 --------- d-----w c:\documents and settings\Britta\Application Data\uTorrent
2009-02-22 20:41 --------- d-----w c:\program files\Java
2009-02-22 20:41 --------- d-----w c:\program files\Common Files\Java
2009-02-22 20:05 --------- d-----w c:\program files\Microsoft Games
2009-02-22 19:01 --------- d-----w c:\program files\uTorrent
2009-02-22 18:48 --------- d-----w c:\program files\VIA
2009-02-22 18:47 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-22 18:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 18:45 --------- d-----w c:\program files\Realtek Sound Manager
2009-02-22 18:45 --------- d-----w c:\program files\AvRack
2009-02-22 18:12 --------- d-----w c:\program files\S3
2009-02-22 17:21 --------- d-----w c:\program files\Western Digital Technologies
2009-02-22 17:10 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-22 17:10 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-02-22 17:09 --------- d-----w c:\program files\Zune
2009-02-22 16:55 --------- d-----w c:\program files\Windows Defender
2009-02-22 16:49 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-22 16:49 --------- d-----w c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-02-22 16:21 --------- d-----w c:\program files\AVG
2009-02-21 14:41 --------- d-----w c:\documents and settings\Josh\Application Data\GTek
2009-02-21 14:41 --------- d-----w c:\documents and settings\All Users\Application Data\Gtek
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-25 1932568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"STOPzilla"="c:\program files\STOPzilla!\Stopzilla.exe" [2003-11-10 36864]
"SoundMan"="SOUNDMAN.EXE" [2005-05-13 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Britta\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-09-03 114688]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-25 15:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-25 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [2003-11-09 45056]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\3rhu4hzg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 15:09:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-01 15:11:03
ComboFix-quarantined-files.txt 2009-04-01 20:10:53
ComboFix2.txt 2009-03-31 02:35:06
ComboFix3.txt 2009-03-31 01:48:00

Pre-Run: 82,249,039,872 bytes free
Post-Run: 82,220,695,552 bytes free

228 --- E O F --- 2009-03-30 22:43:26

#14 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 April 2009 - 03:35 PM

Yay!! :thumbup2: Looking much better. How is it running now? Could I also see a new HijackThis log? :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#15 afl0ck0fg0ats

  • Topic Starter

  • Members
  • 25 posts

Posted 01 April 2009 - 03:49 PM

It's running great, thanks! Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:21 PM, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5159 bytes

Edited by afl0ck0fg0ats, 01 April 2009 - 03:52 PM.