Infected With Vundo/Variant


17 replies to this topic

#1 jaybird2000
  • Members
  • 15 posts

Posted 31 March 2009 - 01:30 AM

Keep getting ad pop-ups and "threat detected" pop-ups from AVG in System Volume Information/System Restore files.
I did a SUPERAntiSpyware scan and when it was complete I pushed the delete infections button. It told me that I had to restart my computer to continue with the removal, so I restarted my computer, but it would only boot to the Windows XP loading screen before flashing to a blue screen and then restarting the startup instantly. Then I went into Safe Mode, where it luckily loaded to Windows, and did a System Restore to the 25th of March, but SUPERAntiSpyware still detects Vundo. Please help.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Owner at 1:17:53.00 on Tue 03/31/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.143 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919181
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
EB: SpeedRunner Bar: {cafb2180-ba09-11dc-95ff-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [VTTimer] VTTimer.exe
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208046271638
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\5lemim38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\5lemim38.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\5lemim38.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-5 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-5 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-5 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-13 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-13 24336]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-5-6 159896]
R1 pctmp;PC Tools Firewall Memory Protection Driver;c:\windows\system32\drivers\pctmp.sys [2008-5-6 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;c:\windows\system32\drivers\pctssipc.sys [2008-5-6 18328]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\9dragons\gameguard\dump_wmimmc.sys --> c:\program files\9dragons\gameguard\dump_wmimmc.sys [?]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\compaq~1\locals~1\temp\imspqmn.sys --> c:\docume~1\compaq~1\locals~1\temp\iMSPQMn.sys [?]

=============== Created Last 30 ================

2009-03-30 16:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-03-26 21:32 <DIR> --d----- c:\program files\MagicISO
2009-03-26 21:00 <DIR> --d----- c:\program files\nullDC
2009-03-24 19:22 <DIR> --d----- c:\documents and settings\compaq_owner\Tracing
2009-03-24 12:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 12:27 <DIR> --d----- c:\program files\Microsoft
2009-03-24 12:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-22 13:58 <DIR> --d----- c:\program files\Ventrilo
2009-03-22 13:58 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-03-19 03:04 <DIR> --d----- c:\program files\GamersFirst
2009-03-16 12:57 268 a---h--- C:\sqmdata16.sqm
2009-03-16 12:57 244 a---h--- C:\sqmnoopt16.sqm
2009-03-16 12:46 268 a---h--- C:\sqmdata15.sqm
2009-03-16 12:45 244 a---h--- C:\sqmnoopt15.sqm
2009-03-16 12:41 186,407 a------- c:\windows\system32\nvapps.nvb
2009-03-16 12:33 268 a---h--- C:\sqmdata14.sqm
2009-03-16 12:33 244 a---h--- C:\sqmnoopt14.sqm
2009-03-16 12:02 268 a---h--- C:\sqmdata13.sqm
2009-03-16 12:02 244 a---h--- C:\sqmnoopt13.sqm
2009-03-16 12:01 181,833 a------- c:\windows\system32\nvapps.xml
2009-03-16 12:01 18,070 a------- c:\windows\system32\nvdisp.nvu
2009-03-16 12:01 <DIR> --d----- c:\windows\nview
2009-03-16 12:01 446,464 a------- c:\windows\system32\nvudisp.exe
2009-03-16 11:59 446,464 a------- c:\windows\system32\NVUNINST.EXE
2009-03-16 11:59 <DIR> --d----- C:\NVIDIA
2009-03-16 11:34 268 a---h--- C:\sqmdata12.sqm
2009-03-16 11:34 244 a---h--- C:\sqmnoopt12.sqm
2009-03-16 11:23 6,557,408 ac------ c:\windows\system32\dllcache\nv4_mini.sys
2009-03-16 11:23 6,557,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-03-16 11:23 6,108,928 ac------ c:\windows\system32\dllcache\nv4_disp.dll
2009-03-16 11:23 6,108,928 a------- c:\windows\system32\nv4_disp.dll
2009-03-07 16:43 <DIR> --d----- c:\program files\MythwarII
2009-03-05 10:10 <DIR> --d----- c:\program files\GodsWar Online

==================== Find3M ====================

2009-02-27 13:53 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-02-27 13:48 155,384 a------- c:\windows\system32\guard32.dll
2009-02-27 13:48 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-02-10 19:13 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-04 13:37 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-04 13:37 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-04 13:37 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-13 04:49 249,592 a------- c:\windows\system32\cssdll32.dll
2008-12-31 03:10 705,031 a--sh--- c:\windows\system32\aIloUBeg.ini2
2008-08-23 05:43 24 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat

============= FINISH: 1:19:35.35 ===============



#2 SifuMike
    malware expert
  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 02 April 2009 - 01:42 PM

Hello jaybird2000,

You have three firewalls running on this computer:
PC Tools Firewall Plus
COMODO Firewall
Norton Personal Firewall


Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and seriously decrease its reliability!

Uninstall two of the firewalls.



Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:
    • c:\windows\system32\cssdll32.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If the VirScan.org server is too busy, please submit the file to VirusTotal instead.


We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.



Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

Be sure to install Recovery Console, as that is our safety net. <=== IMPORTANT

Post the log from ComboFix in your next reply.



A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 02 April 2009 - 02:02 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 jaybird2000
  • Topic Starter
  • Members
  • 15 posts

Posted 03 April 2009 - 10:03 PM

Ok, I think I uninstalled the firewalls, even though I only used one of them, so I doubt they were conflicting.


I ran the virus scan
http://virscan.org/report/779d5de86e64f588...12c03efbc1.html


I downloaded and ran ComboFix several times. No matter what, when I ran it all it did was show a yellow flashing square instead of typing anything. I made sure all other programs were off while running it, my virus protection was shut off and my firewalls were shut off, so I don't know what's making it not run.

#4 SifuMike
    malware expert
  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 03 April 2009 - 10:10 PM

Hello jaybird2000,

Are you sure ComboFix was not running when you stopped it?
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work.

It may be it was running and you hit your mouse or keyboard - that will stop it in its tracks.

Did you give it enough time to run? It can take 20 minutes to produce a log.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Edited by SifuMike, 03 April 2009 - 10:17 PM.


#5 jaybird2000
  • Topic Starter
  • Members
  • 15 posts

Posted 03 April 2009 - 11:18 PM

Ok, will give it longer and see if anything happens; will report back.

#6 SifuMike
    malware expert
  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 03 April 2009 - 11:35 PM

OK.


If you can't get it to run, we will use another tool.

#7 jaybird2000
  • Topic Starter
  • Members
  • 15 posts

Posted 04 April 2009 - 04:24 AM

Ok, yeah, it worked. Dunno how long it took though, because I just left it running and went to bed, but it's done now, so here's the log. I noticed in the log I still have 2 firewalls enabled; I dunno how that is, but PC Tools Firewall Plus isn't even listed in my Add/Remove Programs list in Control Panel, so I may need help removing it too. Anyhow, here's the log:

ComboFix 09-04-03.01 - Compaq_Owner 2009-04-04 4:06:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.493 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
FW: PC Tools Firewall Plus *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Favorites\Download programs.url
c:\documents and settings\Compaq_Owner\Favorites\Games.url
c:\documents and settings\Compaq_Owner\Favorites\Translator.url
c:\documents and settings\Compaq_Owner\Favorites\Videos.url
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Download programs.url
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Games.url
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Translator.url
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Videos.url
C:\install.exe
c:\windows\system32\aIloUBeg.ini
c:\windows\system32\aIloUBeg.ini2
c:\windows\system32\fpebmffp.ini
c:\windows\system32\ljwmbsrp.ini
c:\windows\system32\New Text Document.txt
c:\windows\system32\nhdstdcr.ini
c:\windows\system32\prsbmwjl.dll
c:\windows\system32\toahyxnx.ini
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-04 04:13 . 2009-04-04 04:13 227 --a------ c:\windows\system.ini
2009-04-03 23:49 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-03 19:48 . 2009-04-03 19:49 <DIR> d-------- C:\cb
2009-04-03 19:06 . 2009-04-03 19:06 268 --ah----- C:\sqmdata17.sqm
2009-04-03 19:06 . 2009-04-03 19:06 244 --ah----- C:\sqmnoopt17.sqm
2009-04-01 04:22 . 2009-04-01 04:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-01 04:22 . 2009-04-01 04:22 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-04-01 04:22 . 2009-04-01 04:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 04:22 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 04:22 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-26 21:32 . 2009-03-30 16:42 <DIR> d-------- c:\program files\MagicISO
2009-03-26 21:00 . 2009-03-26 21:00 <DIR> d-------- c:\program files\nullDC
2009-03-24 19:22 . 2009-03-30 16:42 <DIR> d-------- c:\documents and settings\Compaq_Owner\Tracing
2009-03-24 12:41 . 2009-03-24 12:41 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-03-24 12:37 . 2009-03-24 12:37 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 12:27 . 2009-03-30 16:43 <DIR> d-------- c:\program files\Microsoft
2009-03-24 12:04 . 2009-03-24 12:04 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-22 13:58 . 2009-03-22 13:58 <DIR> d-------- c:\program files\Ventrilo
2009-03-22 13:58 . 2009-03-22 14:01 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Ventrilo
2009-03-22 13:58 . 2009-03-22 13:58 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-03-20 17:25 . 2009-03-20 17:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-20 15:17 . 2009-03-20 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-19 03:04 . 2009-03-19 03:04 <DIR> d-------- c:\program files\GamersFirst
2009-03-19 03:04 . 2009-03-19 03:04 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\InstallShield
2009-03-16 12:57 . 2009-03-16 12:57 268 --ah----- C:\sqmdata16.sqm
2009-03-16 12:57 . 2009-03-16 12:57 244 --ah----- C:\sqmnoopt16.sqm
2009-03-16 12:46 . 2009-03-16 12:46 268 --ah----- C:\sqmdata15.sqm
2009-03-16 12:45 . 2009-03-16 12:45 244 --ah----- C:\sqmnoopt15.sqm
2009-03-16 12:41 . 2008-05-19 18:16 186,407 --a------ c:\windows\system32\nvapps.nvb
2009-03-16 12:33 . 2009-03-16 12:33 268 --ah----- C:\sqmdata14.sqm
2009-03-16 12:33 . 2009-03-16 12:33 244 --ah----- C:\sqmnoopt14.sqm
2009-03-16 12:02 . 2009-03-16 12:02 268 --ah----- C:\sqmdata13.sqm
2009-03-16 12:02 . 2009-03-16 12:02 244 --ah----- C:\sqmnoopt13.sqm
2009-03-16 12:01 . 2009-03-16 12:43 <DIR> d-------- c:\windows\nview
2009-03-16 12:01 . 2008-05-16 14:01 446,464 --a------ c:\windows\system32\nvudisp.exe
2009-03-16 12:01 . 2009-04-04 04:13 181,833 --a------ c:\windows\system32\nvapps.xml
2009-03-16 12:01 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu
2009-03-16 11:59 . 2009-03-16 11:59 <DIR> d-------- C:\NVIDIA
2009-03-16 11:59 . 2008-05-16 11:48 446,464 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-16 11:34 . 2009-03-16 11:34 268 --ah----- C:\sqmdata12.sqm
2009-03-16 11:34 . 2009-03-16 11:34 244 --ah----- C:\sqmnoopt12.sqm
2009-03-16 11:23 . 2008-05-16 14:01 6,557,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-03-16 11:23 . 2008-05-16 14:01 6,557,408 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
2009-03-16 11:23 . 2008-05-16 14:01 6,108,928 --a------ c:\windows\system32\nv4_disp.dll
2009-03-16 11:23 . 2008-05-16 14:01 6,108,928 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
2009-03-07 16:43 . 2009-04-01 04:42 <DIR> d-------- c:\program files\MythwarII
2009-03-05 10:10 . 2009-03-31 23:22 <DIR> d-------- c:\program files\GodsWar Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 01:12 --------- d-----w c:\program files\AVG
2009-04-02 01:07 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-04-01 10:27 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Desktopicon
2009-04-01 06:17 --------- d-----w c:\program files\Xfire
2009-04-01 05:37 --------- d-----w c:\program files\TalismanOnline
2009-03-31 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2009-03-31 09:28 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Xfire
2009-03-31 05:22 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-31 05:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 05:16 --------- d-----w c:\program files\SpywareBlaster
2009-03-31 03:56 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\U3
2009-03-30 21:44 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2009-03-24 17:41 --------- d-----w c:\program files\Windows Live
2009-03-22 18:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-21 21:15 --------- d-----w c:\program files\World of Warcraft
2009-03-19 08:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 22:25 --------- d-----w c:\program files\Cheat Engine
2009-03-16 16:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-16 16:53 --------- d-----w c:\program files\SystemRequirementsLab
2009-03-16 16:49 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\SystemRequirementsLab
2009-03-08 23:43 --------- d-----w c:\program files\MythWar
2009-03-04 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-02-27 18:53 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-27 18:48 155,384 ----a-w c:\windows\system32\guard32.dll
2009-02-27 18:48 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-26 10:35 --------- d-----w c:\program files\IconTweaker
2009-02-26 10:35 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\IconTweaker
2009-02-26 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\IconTweaker
2009-02-18 12:14 --------- d-----w c:\program files\LimeWire
2009-02-04 18:38 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-04 18:37 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 18:37 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-04 18:37 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-13 09:49 249,592 ----a-w c:\windows\system32\cssdll32.dll
2008-08-23 10:43 24 ----a-w c:\documents and settings\Compaq_Owner\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-13 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-12 04:22 184320 c:\program files\AlienGUIse\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 13:37 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 05:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-10 00:15 133104 c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 18:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 22:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-11-11 20:50 212992 c:\progra~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 22:13 98304 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 22:43 233472 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-08-09 01:12 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-03-31 00:22 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-07-05 08:29 4538368 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 19:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 12:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 04:33 53248 c:\windows\system32\VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22898:TCP"= 22898:TCP:BitComet 22898 TCP
"22898:UDP"= 22898:UDP:BitComet 22898 UDP
"16609:TCP"= 16609:TCP:BitCometLite 16609 TCP
"16609:UDP"= 16609:UDP:BitCometLite 16609 UDP
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-01-12 21144]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-05 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-05 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-13 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-13 24336]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-05-06 159896]
R1 pctmp;PC Tools Firewall Memory Protection Driver;c:\windows\system32\drivers\pctmp.sys [2008-05-06 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;c:\windows\system32\drivers\pctssipc.sys [2008-05-06 18328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 298264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\9Dragons\GameGuard\dump_wmimmc.sys --> c:\program files\9Dragons\GameGuard\dump_wmimmc.sys [?]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2081054606-3104491657-858206439-1009.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-10 00:15]

2009-04-04 c:\windows\Tasks\saqlxpuw.job
- c:\windows\system32\ddcAqPIX.dll []

2009-04-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-a4be853e - c:\windows\system32\prsbmwjl.dll
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\cfgwiz.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-NAV CfgWiz - c:\program files\Common Files\Symantec Shared\CfgWiz.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-ThreatFire - c:\program files\ThreatFire\TFTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919181
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\5lemim38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\5lemim38.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\5lemim38.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 04:13:24
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2081054606-3104491657-858206439-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\AlienGUIse\wbsrv.dll

- - - - - - - > 'lsass.exe'(1180)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-04 4:19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-04 09:19:06

Pre-Run: 31,861,202,944 bytes free
Post-Run: 32,637,902,848 bytes free

320 --- E O F --- 2008-12-09 11:07:30

Edited by SifuMike, 04 April 2009 - 10:03 AM.
insert Combofix log


#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:43 AM

Posted 04 April 2009 - 11:30 AM

Hello jaybird2000,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.



Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\windows\ALCXMNTR.EXE
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys
c:\windows\Tasks\saqlxpuw.job
c:\windows\system32\ddcAqPIX.dll 

Registry:: 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
 
Driver:: 
iMSPQMn


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log and Security Check log. DO NOT attach any logs, as that makes them hard to read.

Edited by SifuMike, 04 April 2009 - 11:31 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
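To make the reasoning behind the CFScript above visible from the defender's side, here is an added Python triage helper. It is my example, not a BleepingComputer, ComboFix or DDS tool, and the function names are mine. It scans ComboFix-style log text for the entry classes the script targets (a kernel driver whose image lives in a user's Temp folder, a scheduled task whose target is a DLL or a file ComboFix could not find, the Windows Firewall policy's EnableFirewall set to 0) plus the removable-drive AutoRun handler it lists for review, and then checks which findings survive in a second log. The two excerpts are constructed from the before and after ComboFix logs posted in this thread, trimmed to the sections the helper reads.

```python
import re
from typing import Dict, Iterator, List, Tuple, Union

# Excerpts constructed from the two ComboFix logs in this thread: LOG_BEFORE
# from the log the CFScript was written against, LOG_AFTER from the one
# posted after it ran. Only the sections this helper parses are kept.
LOG_BEFORE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\9Dragons\GameGuard\dump_wmimmc.sys --> c:\program files\9Dragons\GameGuard\dump_wmimmc.sys [?]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-04-04 c:\windows\Tasks\saqlxpuw.job
- c:\windows\system32\ddcAqPIX.dll []

2009-04-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
"""

LOG_AFTER = r"""
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\9Dragons\GameGuard\dump_wmimmc.sys --> c:\program files\9Dragons\GameGuard\dump_wmimmc.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
"""

# A kernel driver image should never live in a user-writable location.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")

FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b', re.M)
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.M)
DRIVER_LINE = re.compile(r"^[RS]\d\s+(.+)$")          # R0/R1/S3 service lines
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)\s*$", re.I)
JOB_TARGET = re.compile(r"^-\s+(.*?)\s+\[(.*)\]\s*$")   # "- <target> [<info>]"


def driver_entries(log: str) -> Iterator[Tuple[str, str]]:
    """Yield (service name, image path) from ComboFix driver/service lines."""
    for line in log.splitlines():
        m = DRIVER_LINE.match(line)
        if not m:
            continue
        parts = m.group(1).split(";", 2)      # name;description;path [info]
        if len(parts) < 3:
            continue
        path = re.split(r"\s-->\s|\s\[", parts[2], maxsplit=1)[0]
        yield parts[0], path


def task_entries(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (job file, target path, file info) from the Scheduled Tasks section."""
    lines = log.splitlines()
    in_tasks = False
    for i, line in enumerate(lines):
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_tasks = True
            continue
        if not in_tasks:
            continue
        if line.strip() == ".":               # ComboFix ends each section with '.'
            break
        m = JOB_LINE.match(line)
        if m and i + 1 < len(lines):
            t = JOB_TARGET.match(lines[i + 1])
            if t:
                yield m.group(1), t.group(1), t.group(2)


def triage(log: str) -> Dict[str, Union[bool, List[str]]]:
    """Collect the entry classes the CFScript in this thread acts on."""
    return {
        "firewall_disabled": bool(FIREWALL_OFF.search(log)),
        "drivers_in_user_paths": [name for name, path in driver_entries(log)
                                  if any(t in path.lower() for t in USER_WRITABLE)],
        # A .job whose target is a DLL is a rundll32-style loader, not a program.
        "dll_tasks": [job for job, target, _ in task_entries(log)
                      if target.lower().endswith(".dll")],
        # Empty [] means ComboFix found no file at the target path.
        "orphan_tasks": [job for job, _, info in task_entries(log) if info == ""],
        # Listed for review only: AutoRun handlers registered for removable drives.
        "autorun_commands": AUTORUN_CMD.findall(log),
    }


def still_present(before: str, after: str) -> Dict[str, Union[bool, List[str]]]:
    """Report which pre-fix findings survive in the post-fix log."""
    b, a = triage(before), triage(after)
    return {key: (a[key] if isinstance(b[key], bool)
                  else [x for x in b[key] if x in a[key]])
            for key in b}
```

Running `still_present(LOG_BEFORE, LOG_AFTER)` on these excerpts shows the Temp-folder driver and the DLL-backed task gone, the firewall finding cleared (ComboFix omits default entries, so an EnableFirewall of 1 simply no longer appears), while the orphaned Symantec task and the U3 AutoRun entry remain as items for a human to judge, which matches what the second log in this thread shows.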

#9 jaybird2000

jaybird2000
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:43 AM

Posted 05 April 2009 - 07:32 PM

Done


Here's the new ComboFix log:

ComboFix 09-04-03.01 - Compaq_Owner 2009-04-05 19:09:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.409 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
FW: PC Tools Firewall Plus *enabled*
* Created a new restore point

FILE ::
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys
c:\windows\ALCXMNTR.EXE
c:\windows\system32\ddcAqPIX.dll
c:\windows\Tasks\saqlxpuw.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ALCXMNTR.EXE
c:\windows\Tasks\saqlxpuw.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMSPQMN
-------\Service_iMSPQMn


((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-04 04:14 . 2009-04-04 04:14 268 --ah----- C:\sqmdata18.sqm
2009-04-04 04:14 . 2009-04-04 04:14 244 --ah----- C:\sqmnoopt18.sqm
2009-04-04 04:13 . 2009-04-05 19:17 227 --a------ c:\windows\system.ini
2009-04-03 23:49 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-03 19:48 . 2009-04-03 19:49 <DIR> d-------- C:\cb
2009-04-03 19:06 . 2009-04-03 19:06 268 --ah----- C:\sqmdata17.sqm
2009-04-03 19:06 . 2009-04-03 19:06 244 --ah----- C:\sqmnoopt17.sqm
2009-04-01 04:22 . 2009-04-01 04:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-01 04:22 . 2009-04-01 04:22 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-04-01 04:22 . 2009-04-01 04:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 04:22 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 04:22 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-26 21:32 . 2009-03-30 16:42 <DIR> d-------- c:\program files\MagicISO
2009-03-26 21:00 . 2009-03-26 21:00 <DIR> d-------- c:\program files\nullDC
2009-03-24 19:22 . 2009-03-30 16:42 <DIR> d-------- c:\documents and settings\Compaq_Owner\Tracing
2009-03-24 12:41 . 2009-03-24 12:41 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-03-24 12:37 . 2009-03-24 12:37 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 12:27 . 2009-03-30 16:43 <DIR> d-------- c:\program files\Microsoft
2009-03-24 12:04 . 2009-03-24 12:04 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-22 13:58 . 2009-03-22 13:58 <DIR> d-------- c:\program files\Ventrilo
2009-03-22 13:58 . 2009-03-22 14:01 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Ventrilo
2009-03-22 13:58 . 2009-03-22 13:58 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-03-20 17:25 . 2009-03-20 17:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-20 15:17 . 2009-03-20 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-19 03:04 . 2009-03-19 03:04 <DIR> d-------- c:\program files\GamersFirst
2009-03-19 03:04 . 2009-03-19 03:04 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\InstallShield
2009-03-16 12:57 . 2009-03-16 12:57 268 --ah----- C:\sqmdata16.sqm
2009-03-16 12:57 . 2009-03-16 12:57 244 --ah----- C:\sqmnoopt16.sqm
2009-03-16 12:46 . 2009-03-16 12:46 268 --ah----- C:\sqmdata15.sqm
2009-03-16 12:45 . 2009-03-16 12:45 244 --ah----- C:\sqmnoopt15.sqm
2009-03-16 12:41 . 2008-05-19 18:16 186,407 --a------ c:\windows\system32\nvapps.nvb
2009-03-16 12:33 . 2009-03-16 12:33 268 --ah----- C:\sqmdata14.sqm
2009-03-16 12:33 . 2009-03-16 12:33 244 --ah----- C:\sqmnoopt14.sqm
2009-03-16 12:02 . 2009-03-16 12:02 268 --ah----- C:\sqmdata13.sqm
2009-03-16 12:02 . 2009-03-16 12:02 244 --ah----- C:\sqmnoopt13.sqm
2009-03-16 12:01 . 2009-03-16 12:43 <DIR> d-------- c:\windows\nview
2009-03-16 12:01 . 2008-05-16 14:01 446,464 --a------ c:\windows\system32\nvudisp.exe
2009-03-16 12:01 . 2009-04-05 19:17 181,833 --a------ c:\windows\system32\nvapps.xml
2009-03-16 12:01 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu
2009-03-16 11:59 . 2009-03-16 11:59 <DIR> d-------- C:\NVIDIA
2009-03-16 11:59 . 2008-05-16 11:48 446,464 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-16 11:34 . 2009-03-16 11:34 268 --ah----- C:\sqmdata12.sqm
2009-03-16 11:34 . 2009-03-16 11:34 244 --ah----- C:\sqmnoopt12.sqm
2009-03-16 11:23 . 2008-05-16 14:01 6,557,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-03-16 11:23 . 2008-05-16 14:01 6,557,408 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
2009-03-16 11:23 . 2008-05-16 14:01 6,108,928 --a------ c:\windows\system32\nv4_disp.dll
2009-03-16 11:23 . 2008-05-16 14:01 6,108,928 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
2009-03-07 16:43 . 2009-04-01 04:42 <DIR> d-------- c:\program files\MythwarII

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 00:14 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2009-04-04 13:54 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-04-02 01:12 --------- d-----w c:\program files\AVG
2009-04-01 10:27 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Desktopicon
2009-04-01 06:17 --------- d-----w c:\program files\Xfire
2009-04-01 05:37 --------- d-----w c:\program files\TalismanOnline
2009-04-01 04:22 --------- d-----w c:\program files\GodsWar Online
2009-03-31 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2009-03-31 09:28 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Xfire
2009-03-31 05:22 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-31 05:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 05:16 --------- d-----w c:\program files\SpywareBlaster
2009-03-31 03:56 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\U3
2009-03-24 17:41 --------- d-----w c:\program files\Windows Live
2009-03-22 18:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-21 21:15 --------- d-----w c:\program files\World of Warcraft
2009-03-19 08:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 22:25 --------- d-----w c:\program files\Cheat Engine
2009-03-16 16:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-16 16:53 --------- d-----w c:\program files\SystemRequirementsLab
2009-03-16 16:49 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\SystemRequirementsLab
2009-03-08 23:43 --------- d-----w c:\program files\MythWar
2009-03-04 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-02-27 18:53 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-27 18:48 155,384 ----a-w c:\windows\system32\guard32.dll
2009-02-27 18:48 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-26 10:35 --------- d-----w c:\program files\IconTweaker
2009-02-26 10:35 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\IconTweaker
2009-02-26 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\IconTweaker
2009-02-18 12:14 --------- d-----w c:\program files\LimeWire
2009-02-04 18:37 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-13 09:49 249,592 ----a-w c:\windows\system32\cssdll32.dll
2008-08-23 10:43 24 ----a-w c:\documents and settings\Compaq_Owner\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-04_ 4.17.52.32 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-13 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-12 04:22 184320 c:\program files\AlienGUIse\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 13:37 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 05:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-10 00:15 133104 c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 18:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 22:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-11-11 20:50 212992 c:\progra~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 22:13 98304 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 22:43 233472 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-08-09 01:12 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-03-31 00:22 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-07-05 08:29 4538368 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 19:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 04:33 53248 c:\windows\system32\VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22898:TCP"= 22898:TCP:BitComet 22898 TCP
"22898:UDP"= 22898:UDP:BitComet 22898 UDP
"16609:TCP"= 16609:TCP:BitCometLite 16609 TCP
"16609:UDP"= 16609:UDP:BitCometLite 16609 UDP
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-01-12 21144]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-05 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-05 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-13 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-13 24336]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-05-06 159896]
R1 pctmp;PC Tools Firewall Memory Protection Driver;c:\windows\system32\drivers\pctmp.sys [2008-05-06 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;c:\windows\system32\drivers\pctssipc.sys [2008-05-06 18328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 298264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\9Dragons\GameGuard\dump_wmimmc.sys --> c:\program files\9Dragons\GameGuard\dump_wmimmc.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2081054606-3104491657-858206439-1009.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-10 00:15]

2009-04-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919181
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\5lemim38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\5lemim38.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\5lemim38.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 19:17:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2081054606-3104491657-858206439-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\AlienGUIse\wbsrv.dll

- - - - - - - > 'lsass.exe'(1180)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-05 19:21:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 00:21:47
ComboFix2.txt 2009-04-04 09:19:16

Pre-Run: 30,128,852,992 bytes free
Post-Run: 30,116,438,016 bytes free

302 --- E O F --- 2008-12-09 11:07:30



Here's the DDS.txt from the HJT report


DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Owner at 19:23:39.87 on Sun 04/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.227 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919181
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208046271638
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WBSrv - c:\program files\alienguise\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\5lemim38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\5lemim38.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\5lemim38.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-1-12 21144]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-5 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-5 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-5 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-13 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-13 24336]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-5-6 159896]
R1 pctmp;PC Tools Firewall Memory Protection Driver;c:\windows\system32\drivers\pctmp.sys [2008-5-6 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;c:\windows\system32\drivers\pctssipc.sys [2008-5-6 18328]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 298264]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2009-1-13 700152]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\fwservice.exe --> c:\program files\pc tools firewall plus\FWService.exe [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\9dragons\gameguard\dump_wmimmc.sys --> c:\program files\9dragons\gameguard\dump_wmimmc.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

=============== Created Last 30 ================

2009-04-05 19:18 268 a---h--- C:\sqmdata19.sqm
2009-04-05 19:18 244 a---h--- C:\sqmnoopt19.sqm
2009-04-04 04:14 268 a---h--- C:\sqmdata18.sqm
2009-04-04 04:14 244 a---h--- C:\sqmnoopt18.sqm
2009-04-04 04:13 227 a------- c:\windows\system.ini
2009-04-03 23:59 161,792 a------- c:\windows\SWREG.exe
2009-04-03 23:59 98,816 a------- c:\windows\sed.exe
2009-04-03 23:49 73,728 a------- C:\pv.exe
2009-04-03 19:48 <DIR> --d----- C:\cb
2009-04-03 19:06 268 a---h--- C:\sqmdata17.sqm
2009-04-03 19:06 244 a---h--- C:\sqmnoopt17.sqm
2009-04-01 04:22 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-04-01 04:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 04:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 04:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-01 04:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-26 21:32 <DIR> --d----- c:\program files\MagicISO
2009-03-26 21:00 <DIR> --d----- c:\program files\nullDC
2009-03-24 19:22 <DIR> --d----- c:\documents and settings\compaq_owner\Tracing
2009-03-24 12:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 12:27 <DIR> --d----- c:\program files\Microsoft
2009-03-24 12:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-22 13:58 <DIR> --d----- c:\program files\Ventrilo
2009-03-22 13:58 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-03-20 17:25 41,808 a------- c:\windows\system32\xfcodec.dll
2009-03-19 03:04 <DIR> --d----- c:\program files\GamersFirst
2009-03-16 12:57 268 a---h--- C:\sqmdata16.sqm
2009-03-16 12:57 244 a---h--- C:\sqmnoopt16.sqm
2009-03-16 12:46 268 a---h--- C:\sqmdata15.sqm
2009-03-16 12:45 244 a---h--- C:\sqmnoopt15.sqm
2009-03-16 12:41 186,407 a------- c:\windows\system32\nvapps.nvb
2009-03-16 12:33 268 a---h--- C:\sqmdata14.sqm
2009-03-16 12:33 244 a---h--- C:\sqmnoopt14.sqm
2009-03-16 12:02 268 a---h--- C:\sqmdata13.sqm
2009-03-16 12:02 244 a---h--- C:\sqmnoopt13.sqm
2009-03-16 12:01 181,833 a------- c:\windows\system32\nvapps.xml
2009-03-16 12:01 18,070 a------- c:\windows\system32\nvdisp.nvu
2009-03-16 12:01 <DIR> --d----- c:\windows\nview
2009-03-16 12:01 446,464 a------- c:\windows\system32\nvudisp.exe
2009-03-16 11:59 446,464 a------- c:\windows\system32\NVUNINST.EXE
2009-03-16 11:59 <DIR> --d----- C:\NVIDIA
2009-03-16 11:34 268 a---h--- C:\sqmdata12.sqm
2009-03-16 11:34 244 a---h--- C:\sqmnoopt12.sqm
2009-03-16 11:23 6,557,408 ac------ c:\windows\system32\dllcache\nv4_mini.sys
2009-03-16 11:23 6,557,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-03-16 11:23 6,108,928 ac------ c:\windows\system32\dllcache\nv4_disp.dll
2009-03-16 11:23 6,108,928 a------- c:\windows\system32\nv4_disp.dll
2009-03-07 16:43 <DIR> --d----- c:\program files\MythwarII

==================== Find3M ====================

2009-02-27 13:53 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-02-27 13:48 155,384 a------- c:\windows\system32\guard32.dll
2009-02-27 13:48 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-02-04 13:37 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-13 04:49 249,592 a------- c:\windows\system32\cssdll32.dll
2008-08-23 05:43 24 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat

============= FINISH: 19:24:23.17 ===============



Here's the attach.txt from the HJT report


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2008 8:16:40 PM
System Uptime: 4/5/2009 7:15:25 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon™ XP 2200+ | Socket A | 1800/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 28.064 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: VIA/S3G UniChrome IGP
Device ID: PCI\VEN_1106&DEV_7205&SUBSYS_81181043&REV_01\4&1FEB96E4&0&0008
Manufacturer: VIA/S3G
Name: VIA/S3G UniChrome IGP
PNP Device ID: PCI\VEN_1106&DEV_7205&SUBSYS_81181043&REV_01\4&1FEB96E4&0&0008
Service: viagfx

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\7B8C6EE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\7B8C6EE01800
Service: NIC1394

==== System Restore Points ===================

RP223: 1/6/2009 10:35:27 AM - System Checkpoint
RP224: 1/7/2009 11:17:26 AM - System Checkpoint
RP225: 1/8/2009 2:28:39 PM - System Checkpoint
RP226: 1/9/2009 8:54:16 AM - SPTD setup V1.56
RP227: 1/10/2009 9:41:22 AM - System Checkpoint
RP228: 1/11/2009 11:19:36 AM - System Checkpoint
RP229: 1/12/2009 3:53:01 AM - Restore Operation
RP230: 1/12/2009 5:43:24 AM - Restore Operation
RP231: 1/12/2009 12:59:59 PM - Configured S3GSetup
RP232: 1/12/2009 1:48:52 PM - Installed Platform
RP233: 1/12/2009 2:03:41 PM - Configured S3GSetup
RP234: 1/12/2009 2:48:14 PM - Configured S3GSetup
RP235: 1/13/2009 5:12:56 PM - System Checkpoint
RP236: 1/14/2009 7:20:00 PM - System Checkpoint
RP237: 1/15/2009 9:13:20 PM - System Checkpoint
RP238: 1/16/2009 10:05:00 PM - System Checkpoint
RP239: 1/18/2009 1:49:28 AM - System Checkpoint
RP240: 1/19/2009 2:28:47 AM - System Checkpoint
RP241: 1/20/2009 3:18:56 AM - System Checkpoint
RP242: 1/21/2009 4:18:55 AM - System Checkpoint
RP243: 1/22/2009 5:18:57 AM - System Checkpoint
RP244: 1/23/2009 6:18:57 AM - System Checkpoint
RP245: 1/24/2009 7:18:57 AM - System Checkpoint
RP246: 1/25/2009 8:18:56 AM - System Checkpoint
RP247: 1/26/2009 8:33:25 AM - System Checkpoint
RP248: 1/27/2009 11:44:23 AM - System Checkpoint
RP249: 2/3/2009 8:03:04 PM - System Checkpoint
RP250: 2/4/2009 12:35:35 PM - Avg8 Update
RP251: 2/4/2009 12:38:14 PM - Avg8 Update
RP252: 2/5/2009 2:35:49 PM - System Checkpoint
RP253: 2/6/2009 2:40:32 PM - System Checkpoint
RP254: 2/7/2009 3:29:58 PM - System Checkpoint
RP255: 2/8/2009 4:09:19 PM - System Checkpoint
RP256: 2/12/2009 2:40:47 PM - Avg8 Update
RP257: 2/13/2009 8:36:20 AM - Avg8 Update
RP258: 2/14/2009 8:41:25 AM - System Checkpoint
RP259: 2/15/2009 9:41:20 AM - System Checkpoint
RP260: 2/16/2009 10:41:26 AM - System Checkpoint
RP261: 2/17/2009 11:53:56 AM - System Checkpoint
RP262: 2/18/2009 12:14:13 PM - System Checkpoint
RP263: 2/19/2009 2:38:10 PM - System Checkpoint
RP264: 2/20/2009 3:14:16 PM - System Checkpoint
RP265: 2/21/2009 4:14:09 PM - System Checkpoint
RP266: 2/22/2009 4:19:22 PM - System Checkpoint
RP267: 2/23/2009 5:30:38 PM - System Checkpoint
RP268: 2/24/2009 5:43:31 PM - System Checkpoint
RP269: 2/25/2009 6:43:27 PM - System Checkpoint
RP270: 2/26/2009 7:43:32 PM - System Checkpoint
RP271: 2/27/2009 7:54:00 PM - System Checkpoint
RP272: 2/28/2009 8:53:54 PM - System Checkpoint
RP273: 3/1/2009 9:53:57 PM - System Checkpoint
RP274: 3/2/2009 10:53:59 PM - System Checkpoint
RP275: 3/3/2009 11:54:04 PM - System Checkpoint
RP276: 3/4/2009 9:25:41 AM - Avg8 Update
RP277: 3/5/2009 10:04:26 AM - System Checkpoint
RP278: 3/6/2009 10:08:15 AM - System Checkpoint
RP279: 3/7/2009 10:55:18 AM - System Checkpoint
RP280: 3/8/2009 11:51:56 AM - System Checkpoint
RP281: 3/9/2009 2:52:45 PM - System Checkpoint
RP282: 3/10/2009 2:55:17 PM - System Checkpoint
RP283: 3/12/2009 1:27:24 AM - System Checkpoint
RP284: 3/13/2009 2:26:50 AM - System Checkpoint
RP285: 3/14/2009 2:54:07 AM - System Checkpoint
RP286: 3/15/2009 4:53:12 AM - System Checkpoint
RP287: 3/16/2009 1:41:09 PM - System Checkpoint
RP288: 3/17/2009 3:04:54 PM - System Checkpoint
RP289: 3/19/2009 3:04:30 AM - Installed War Rock
RP290: 3/20/2009 1:59:54 AM - Avg8 Update
RP291: 3/21/2009 7:55:28 AM - System Checkpoint
RP292: 3/22/2009 8:14:26 AM - System Checkpoint
RP293: 3/22/2009 1:58:27 PM - Installed Ventrilo Client
RP294: 3/23/2009 3:02:21 PM - System Checkpoint
RP295: 3/24/2009 12:38:10 PM - Installed DirectX
RP296: 3/25/2009 3:15:47 PM - System Checkpoint
RP297: 3/26/2009 3:53:33 PM - System Checkpoint
RP298: 3/26/2009 9:00:27 PM - Installed nullDC 1.0.0 Public Beta 1 Setup
RP299: 3/27/2009 8:49:57 AM - Avg8 Update
RP300: 3/28/2009 9:36:39 AM - System Checkpoint
RP301: 3/29/2009 9:24:25 PM - System Checkpoint
RP302: 3/30/2009 4:41:17 PM - Restore Operation
RP303: 3/30/2009 4:54:19 PM - Avg8 Update
RP304: 3/31/2009 5:39:44 PM - System Checkpoint
RP305: 4/2/2009 12:59:39 AM - System Checkpoint
RP306: 4/3/2009 8:08:16 PM - System Checkpoint
RP307: 4/4/2009 4:05:46 AM - ComboFix created restore point
RP308: 4/5/2009 4:16:34 AM - System Checkpoint
RP309: 4/5/2009 7:09:27 PM - ComboFix created restore point

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Agere Systems PCI Soft Modem
ah Screen Saver
AlienGUIse Theme Manager
Apple Software Update
Ask Toolbar
AutoUpdate
AVG Free 8.0
Axife Mouse Recorder DEMO 5.01
Belarc Advisor 7.2
CCleaner (remove only)
Cheat Engine 5.3
Cheat Engine 5.5
Combat Arms
COMODO Firewall Pro
COMODO SafeSurf
Compaq Connections
Curse Client
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Flick
Fab Fashion
Fraps
Frets On Fire
Frets on Fire - Alarian mod 2.63
Game Cam 2.2
GameSpy Arcade
GodsWar Online
Google Chrome
Hardware sensors monitor 4.4
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HpSdpAppCoreApp
IconTweaker 1.12
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 5
K-Lite Mega Codec Pack 4.1.7
KBD
LimeWire 5.0.11
LiveReg (Symantec Corporation)
Lost Seaside Wallpaper
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Age of Empires II Trial Version
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 7.0
mIRC
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MY CAMERA
MythWar
MythwarII
Neffy 1,2,0,12
Nero PhotoShow Express
Nero Suite
Norton Personal Firewall
NVIDIA Drivers
Opera 9.62
PC-Doctor for Windows
PerformanceTest v6.1
Platform
Project64 1.6
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RocketDock 1.3.5
Rosetta Stone V3
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3GSetup
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sierra Utilities
Skype™ 3.8
Sonic RecordNow!
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
System Requirements Lab
Talisman Online Ver.1412
TreeSize Free V2.2.1
Unlocker 1.8.7
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Ventrilo Client
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
War Rock
WebFldrs XP
WindowBlinds
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! Messenger
ZMatrix 1.5.2

==== Event Viewer Messages From Past Week ========

4/1/2009 12:48:18 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
3/31/2009 8:36:05 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/31/2009 12:22:42 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
3/30/2009 4:41:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2009 4:35:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AvgLdx86 AvgMfx86 AvgTdiX BANTExt cmdGuard cmdHlp Fips hmonitor IPSec MRxSmb NetBIOS NetBT pctfw2 pctmp pctssipc RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tcpip6
3/30/2009 4:35:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 4:35:05 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 4:35:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 4:35:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 4:35:05 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 4:35:05 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 4:34:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/1/2009 4:11:17 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
4/1/2009 4:19:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde uagp35 ViaIde
4/1/2009 7:56:44 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DAN-HH3NORFG86T that believes that it is the master browser for the domain on transport NetBT_Tcpip_{73B1A544-707. The master browser is stopping or an election is being forced.
4/3/2009 9:59:29 PM, error: Service Control Manager [7034] - The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
4/3/2009 9:59:57 PM, error: Service Control Manager [7034] - The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
4/3/2009 10:00:01 PM, error: Service Control Manager [7034] - The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 3 time(s).

==== End Of File ===========================

Here's the checkup.txt from the Security Check

Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
COMODOFirewallPro
NortonPersonalFirewall
AVGFree8.0
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
COMODO Firewall cmdagent.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GOOD! (Somewhat random)

Scan took 57 seconds.
`````````End of Log```````````

#10 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 05 April 2009 - 09:01 PM

Hi jaybird2000,

You still have two firewalls installed, COMODO Firewall Pro and Norton Personal Firewall.
Never run two firewalls at the same time, as it will cause major problems.

So here's the log. I noticed in the log I still have 2 firewalls enabled; I dunno how that is, but the PC Tools Firewall Plus isn't even listed in my Add/Remove Programs list from Control Panel, so I may need help removing it too.


PC Tools Firewall does not show up on the scanner. Try installing the firewalls again, then uninstalling them. Of course, you only want ONE firewall active on your computer.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop-down box, select Windows and Multi-Language.
  • Check the box that says "Accept License Agreement", then press Continue. (Selecting Windows will give you the 32-bit version.)
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2_03
    Java™ 6 Update 5
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
Post a Hijackthis log (not the DDS log) and tell me how your computer is running.

Edited by SifuMike, 05 April 2009 - 09:02 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
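A way to decide which Add/Remove Programs entries are the "older versions" before clicking Remove, as an added Python example that is not part of the post above or of any tool named in this thread. The input list holds the two display names quoted above plus one constructed entry for what the 6 Update 13 install will be listed as; the regexes and the (1, major, micro, update) tuple layout (JRE 6 Update 13 is version 1.6.0_13) are my assumptions about how the JRE names itself there.

```python
import re

# Constructed input: the two Add/Remove Programs names quoted in the post above,
# plus one hypothetical entry for how the 6 Update 13 install will be listed.
INSTALLED = [
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 13",
]

# JRE 6 Update 13 is version 1.6.0_13; compare as (1, major, micro, update).
TARGET = (1, 6, 0, 13)


def parse_java_version(name):
    """Map a JRE Add/Remove Programs display name to a comparable tuple, or None."""
    # "Java(TM) 6 Update 5" / "Java™ 6 Update 5"  ->  1.6.0_05
    m = re.search(r"Java(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)", name)
    if m:
        return (1, int(m.group(1)), 0, int(m.group(2)))
    # "Java 2 Runtime Environment, SE v1.4.2_03"  ->  1.4.2_03
    m = re.search(r"\bv(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", name)
    if m:
        return tuple(int(g) if g is not None else 0 for g in m.groups())
    return None


def outdated_java(names, target=TARGET):
    """Entries that parse as a JRE and are older than target: these get removed."""
    out = []
    for n in names:
        v = parse_java_version(n)
        if v is not None and v < target:
            out.append(n)
    return out


if __name__ == "__main__":
    for n in outdated_java(INSTALLED):
        print("remove:", n, parse_java_version(n))
```

Anything the parser returns None for is left alone, so unrelated entries in the list never end up in the removal set; only JRE entries strictly older than the target are reported.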

#11 jaybird2000 (Topic Starter)

Posted 05 April 2009 - 09:42 PM

OK, sorry for the confusion there; here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:17 PM, on 4/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919181
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208046271638
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7363 bytes


I haven't gotten any more restore-point-deleted or threat-detected pop-ups. Will run a scan just to be sure it's gone, though.

#12 SifuMike (malware expert)

Posted 05 April 2009 - 10:19 PM

Hi jaybird2000,

I see you have COMODO Internet Security installed. Can you tell me if you have the Comodo antivirus disabled?

Since you have AVG8 antivirus installed, you need to disable the Comodo antivirus (if you have not already done so).
Having two antivirus programs running will cause major problems.

Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)

Close all browsers and other windows except for HijackThis, and click "Fix checked"


Let's delete the bad service:
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the code box to Notepad.
Save it to your desktop, make sure the file type is All Files, and name it FixService.bat


@echo off
rem Stop the orphaned service first; with its binary missing it cannot be running, so sc reports "has not been started"
sc stop PCToolsFirewallPlus
rem Remove the service registration from the Service Control Manager
sc delete PCToolsFirewallPlus
exit

Double click FixService.bat.
It should now show the batch-file icon.

Now double-click this file; you won't see much happen.
A window will open and close. This is normal.
A quick flash is about all.
Then you may delete the FixService.bat file we just made.


Reboot your computer, post a new Hijackthis log, and tell me how your computer is running.
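Why that O23 line is the one to fix: HijackThis appends "(file missing)" when the image path registered for a service no longer exists on disk, so the entry is an orphaned registration with nothing left to run, and sc delete is what clears it from the Service Control Manager. The following is an added Python example, not part of the post above or of HijackThis, that parses O23 lines, lists the orphaned ones and emits the same sc stop / sc delete batch the reply builds by hand. The four input lines are copied from the log posted in #11 and are constructed test data here; the "display (name) - owner - path" field layout is what that log shows, and the regex and function names are my own.

```python
import re

# Constructed input: four O23 lines copied from the HijackThis log posted above.
HJT_LINES = r"""
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
""".strip().splitlines()

# O23 layout as seen in the posted log:
#   O23 - Service: <display name> [(<service name>)] - <owner> - <image path> [(file missing)]
# The short service name is only shown when it differs from the display name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o23(line):
    """Parse one O23 line into a dict, or return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "name": d["name"] or d["display"],   # sc.exe wants the short service name
        "display": d["display"],
        "owner": d["owner"],
        "path": d["path"],
        "file_missing": d["missing"] is not None,
    }


def orphaned_services(lines):
    """Services whose registered binary HijackThis could not find on disk."""
    parsed = (parse_o23(line) for line in lines)
    return [s for s in parsed if s is not None and s["file_missing"]]


def removal_batch(services):
    """Build the FixService.bat body: stop, then delete, each orphaned service."""
    def q(name):  # quote names with spaces so sc.exe receives one argument
        return f'"{name}"' if " " in name else name
    cmds = ["@echo off"]
    for s in services:
        cmds.append(f"sc stop {q(s['name'])}")
        cmds.append(f"sc delete {q(s['name'])}")
    cmds.append("exit")
    return "\n".join(cmds)


if __name__ == "__main__":
    orphans = orphaned_services(HJT_LINES)
    for s in orphans:
        print(f"orphaned: {s['name']} -> {s['path']}")
    print(removal_batch(orphans))
```

Run it against the whole log rather than four lines and it reports every service whose binary is gone; entries with an owner of "Unknown owner" but a present binary (cmdAgent, PnkBstrA) are not flagged, since HijackThis only means it found no publisher information for them.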

#13 jaybird2000 (Topic Starter)

Posted 06 April 2009 - 01:28 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:31 AM, on 4/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919181
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208046271638
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6941 bytes




No, I don't use the Comodo antivirus; the only antivirus I use is AVG.

#14 SifuMike (malware expert)

Posted 06 April 2009 - 09:53 AM

Hi jay,

Your log looks clean. How is the computer running? We still have to do the program clean up.

#15 jaybird2000 (Topic Starter)

Posted 06 April 2009 - 10:11 PM

It's running good. I ran a quick scan with Malwarebytes that turned up empty :thumbup2: and no problems thus far.



