
google links redirect..


24 replies to this topic

#1 zack1442


Posted 20 May 2009 - 02:26 PM

So I've been looking on forums online and trying to figure this out. So far I've gotten instructions to get HijackThis, so I did, ran it and then saved this log. Can anyone look at this and tell me if there is a problem and, if so, what it is and how I can repair it as soon as possible? I'd greatly appreciate it.





Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\VPro1000.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Autorun Eater\billy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimzones.aol.com/homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: VPro1000.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241074019194
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0953757-E3E8-4503-9438-156F6B2C8D29}: NameServer = 85.255.112.76,85.255.112.176
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.76,85.255.112.176
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.76,85.255.112.176
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9cc2b268b50e0) (gupdate1c9cc2b268b50e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8054 bytes
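As an added illustration (not part of the original post or of HijackThis itself), a small parser for log lines in the format above: it groups entries by section code, pulls the autostart commands out of the O4 entries, and extracts the DNS addresses pinned by O17 entries so they can be compared with the resolvers the network is expected to use. The sample lines are copied from the log above; the "trusted resolver" set is an assumed value supplied by the caller.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimzones.aol.com/homepage
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0953757-E3E8-4503-9438-156F6B2C8D29}: NameServer = 85.255.112.76,85.255.112.176
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.76,85.255.112.176
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Every HijackThis entry is "<code> - <body>"; the code (R0, O2, O4, O17, ...) names the section.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.+)$")
# O4 bodies look like:  HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
# O17 bodies look like:  <registry path>: NameServer = ip,ip
NAMESERVER_RE = re.compile(r"^(.*): NameServer = ([\d.,]+)$")


def parse_hjt(text):
    """Group log lines by their HijackThis section code, ignoring anything that is not an entry."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def run_entries(sections):
    """Return (hive, key, name, command) tuples for every O4 autostart entry."""
    out = []
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m:
            out.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    return out


def hardcoded_nameservers(sections):
    """Map each O17 registry path to the list of DNS server addresses it pins."""
    out = {}
    for body in sections.get("O17", []):
        m = NAMESERVER_RE.match(body)
        if m:
            out[m.group(1)] = m.group(2).split(",")
    return out


def untrusted_nameservers(sections, trusted):
    """Addresses pinned by O17 entries that are not in the caller's expected resolver set (sorted)."""
    pinned = {ip for ips in hardcoded_nameservers(sections).values() for ip in ips}
    return sorted(pinned - set(trusted))


if __name__ == "__main__":
    s = parse_hjt(SAMPLE_LOG)
    # Assumed trusted resolver: the router address a home DHCP lease would normally hand out.
    trusted = {"192.168.1.1"}
    for hive, key, name, cmd in run_entries(s):
        print(f"O4 {hive}\\{key}: {name} -> {cmd}")
    for ip in untrusted_nameservers(s, trusted):
        print(f"O17 pins DNS server {ip}, which is not in the expected resolver set; verify it")
```

A static NameServer value that does not match what the ISP or router hands out is worth checking first when the complaint is redirected search results, since every lookup on the machine goes through it.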


#2 zack1442


Posted 20 May 2009 - 02:35 PM

Can someone help me out, please?

#3 zack1442


Posted 20 May 2009 - 02:40 PM

Also, my Malwarebytes will not open.

#4 zack1442


Posted 20 May 2009 - 03:12 PM

Does anyone see problems in the log I got?
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone who is not familiar with your issue to assist you and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post instead of a reply. Please do not make multiple posts here, as that only pushes you further down the queue and causes confusion for the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 21 May 2009 - 11:39 PM.


#5 zack1442


Posted 31 May 2009 - 01:27 AM

I'm glad someone could help.

#6 Orange Blossom


Posted 01 June 2009 - 11:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your log and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use 'Add Reply' to add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 zack1442


Posted 08 June 2009 - 02:28 AM

I'm still having problems. Nobody seems to be able to help me here. I've tried all the software people are recommending and nothing has worked. Malwarebytes doesn't even open, and Spyware Doctor won't update, so that doesn't work. Can someone tell me what is going on here, please!

#8 Orange Blossom


Posted 08 June 2009 - 02:39 AM

Are you able to run DDS as requested in my previous post? If so, please post those logs.

If not, please tell us that too.

Orange Blossom

#9 zack1442


Posted 08 June 2009 - 03:30 AM

Hope this helps...

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\VPro1000.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Zack\My Documents\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Zack\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://torrentz.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [spc1000] c:\windows\vspc1000.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\zack\startm~1\programs\startup\stardo~1.lnk - c:\documents and settings\zack\my documents\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpro1000.lnk - c:\windows\VPro1000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241074019194
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.76,85.255.112.176
TCP: {C0953757-E3E8-4503-9438-156F6B2C8D29} = 85.255.112.76,85.255.112.176
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-8 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-30 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-30 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-30 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-30 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-30 298776]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-8 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-8 1095560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-30 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c9cc2b268b50e0;Google Update Service (gupdate1c9cc2b268b50e0);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [2009-4-30 88320]
S3 SPC1000;USB2.0 PC Camera (SPC1000);c:\windows\system32\drivers\spc1000.sys [2009-4-30 3033856]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-06-08 02:10 1,081,616 a------- c:\windows\system32\MSCOMCTL.OCX
2009-06-08 02:00 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-08 02:00 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-08 02:00 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-08 02:00 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-08 02:00 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-08 02:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-08 02:00 <DIR> --d----- c:\docume~1\zack\applic~1\PC Tools
2009-06-08 02:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-25 01:44 <DIR> --d----- c:\program files\Audacity
2009-05-20 13:39 <DIR> --d----- c:\program files\Trend Micro
2009-05-20 13:12 <DIR> --d----- c:\program files\Autorun Eater
2009-05-20 13:09 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 13:09 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 13:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-20 13:05 <DIR> --dsh--- c:\documents and settings\zack\UserData
2009-05-20 12:59 <DIR> a-dshr-- C:\autorun.inf
2009-05-20 01:54 <DIR> --d----- c:\program files\Stardock
2009-05-20 01:54 <DIR> --d----- c:\program files\common files\Stardock
2009-05-19 03:53 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-05-15 12:01 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-14 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GoldWave
2009-05-14 14:58 1,403 a------- c:\windows\MQPreset.ini
2009-05-14 14:58 284 a------- c:\windows\Multique.ini
2009-05-14 14:58 <DIR> --d----- c:\program files\Multiquence
2009-05-14 02:51 <DIR> --dsh--- c:\documents and settings\zack\IECompatCache
2009-05-14 02:48 <DIR> --d----- c:\program files\Yahoo!
2009-05-14 02:48 <DIR> --d----- c:\program files\CCleaner
2009-05-14 00:40 <DIR> --d----- c:\program files\GoldWave
2009-05-13 14:15 <DIR> --d----- c:\docume~1\zack\applic~1\LimeWire
2009-05-13 14:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 14:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-13 14:12 <DIR> --d----- c:\program files\LimeWire

==================== Find3M ====================

2009-05-07 12:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 12:31 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-07 12:31 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 15:13 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf
2009-04-30 15:13 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-30 03:04 1,536 a------- c:\windows\system32\TrueSoft.dat
2009-04-30 02:44 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-30 00:42 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-06 19:29 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-06 19:29 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-06 19:29 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-02 08:21 84,480 a------- c:\windows\system32\ff_vfw.dll

============= FINISH: 3:28:53.75 ===============

#10 Orange Blossom


Posted 08 June 2009 - 03:37 AM

Getting there. I'm afraid you left off the top portion of the log. The log starts something like this:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Mickey Mouse at 10:00:37.43 on Thu 04/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.239.21 [GMT 7:00]

Orange Blossom

#11 zack1442


Posted 08 June 2009 - 04:08 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Zack at 3:28:04.78 on Mon 06/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.88 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\VPro1000.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Zack\My Documents\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Zack\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://torrentz.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [spc1000] c:\windows\vspc1000.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\zack\startm~1\programs\startup\stardo~1.lnk - c:\documents and settings\zack\my documents\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpro1000.lnk - c:\windows\VPro1000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241074019194
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.76,85.255.112.176
TCP: {C0953757-E3E8-4503-9438-156F6B2C8D29} = 85.255.112.76,85.255.112.176
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-8 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-30 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-30 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-30 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-30 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-30 298776]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-8 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-8 1095560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-30 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c9cc2b268b50e0;Google Update Service (gupdate1c9cc2b268b50e0);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [2009-4-30 88320]
S3 SPC1000;USB2.0 PC Camera (SPC1000);c:\windows\system32\drivers\spc1000.sys [2009-4-30 3033856]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-06-08 02:10 1,081,616 a------- c:\windows\system32\MSCOMCTL.OCX
2009-06-08 02:00 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-08 02:00 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-08 02:00 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-08 02:00 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-08 02:00 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-08 02:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-08 02:00 <DIR> --d----- c:\docume~1\zack\applic~1\PC Tools
2009-06-08 02:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-25 01:44 <DIR> --d----- c:\program files\Audacity
2009-05-20 13:39 <DIR> --d----- c:\program files\Trend Micro
2009-05-20 13:12 <DIR> --d----- c:\program files\Autorun Eater
2009-05-20 13:09 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 13:09 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 13:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-20 13:05 <DIR> --dsh--- c:\documents and settings\zack\UserData
2009-05-20 12:59 <DIR> a-dshr-- C:\autorun.inf
2009-05-20 01:54 <DIR> --d----- c:\program files\Stardock
2009-05-20 01:54 <DIR> --d----- c:\program files\common files\Stardock
2009-05-19 03:53 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-05-15 12:01 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-14 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GoldWave
2009-05-14 14:58 1,403 a------- c:\windows\MQPreset.ini
2009-05-14 14:58 284 a------- c:\windows\Multique.ini
2009-05-14 14:58 <DIR> --d----- c:\program files\Multiquence
2009-05-14 02:51 <DIR> --dsh--- c:\documents and settings\zack\IECompatCache
2009-05-14 02:48 <DIR> --d----- c:\program files\Yahoo!
2009-05-14 02:48 <DIR> --d----- c:\program files\CCleaner
2009-05-14 00:40 <DIR> --d----- c:\program files\GoldWave
2009-05-13 14:15 <DIR> --d----- c:\docume~1\zack\applic~1\LimeWire
2009-05-13 14:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 14:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-13 14:12 <DIR> --d----- c:\program files\LimeWire

==================== Find3M ====================

2009-05-07 12:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 12:31 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-07 12:31 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 15:13 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf
2009-04-30 15:13 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-30 03:04 1,536 a------- c:\windows\system32\TrueSoft.dat
2009-04-30 02:44 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-30 00:42 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-06 19:29 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-06 19:29 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-06 19:29 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-02 08:21 84,480 a------- c:\windows\system32\ff_vfw.dll

============= FINISH: 3:28:53.75 ===============

#12 zack1442

zack1442
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:09:41 AM

Posted 08 June 2009 - 05:55 PM

Anything wrong with the log? I think I can see a few things but I'm not sure; I think I have a trojan virus.

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,010 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:41 AM

Posted 08 June 2009 - 06:00 PM

Hang on. An HJT team member will be with you soon. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#14 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:41 AM

Posted 08 June 2009 - 08:56 PM

Hello zack1442 and thank you for your patience.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT- Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."


#15 zack1442

zack1442
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:09:41 AM

Posted 09 June 2009 - 02:22 AM

This is what I got:



ComboFix 09-06-08.03 - Zack 06/09/2009 2:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.103 [GMT -5:00]
Running from: c:\documents and settings\Zack\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcouppulbtadrontvwqmuegtrnffkaaguu.sys
c:\windows\system32\drivers\gxvxcrprwgrjljlhhoekwqnqxfbkdouuomnai.sys
c:\windows\system32\drivers\gxvxcywkvucfbbkfhqhkmbojndlehnnmkpngd.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcpyxwhcngysjvedkrhbarjscebtrfjsnk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-08 07:00 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-08 07:00 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-08 07:00 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-08 07:00 . 2009-06-09 07:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-08 07:00 . 2009-06-08 07:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-08 07:00 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-08 07:00 . 2009-06-08 20:04 -------- d-----w- c:\program files\Spyware Doctor
2009-06-08 07:00 . 2009-06-08 07:00 -------- d-----w- c:\documents and settings\Zack\Application Data\PC Tools
2009-06-08 07:00 . 2009-06-08 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-05-28 22:05 . 2009-05-28 22:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AOL OCP
2009-05-28 22:05 . 2009-05-28 22:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AOL
2009-05-28 21:37 . 2009-05-28 21:37 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2009-05-25 06:44 . 2009-05-25 06:44 -------- d-----w- c:\program files\Audacity
2009-05-20 18:39 . 2009-05-20 18:39 -------- d-----w- c:\program files\Trend Micro
2009-05-20 18:12 . 2009-06-09 06:18 -------- d-----w- c:\program files\Autorun Eater
2009-05-20 18:09 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-20 18:09 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 18:09 . 2009-06-08 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 18:09 . 2009-05-20 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 18:05 . 2009-05-20 18:05 -------- d-sh--w- c:\documents and settings\Zack\UserData
2009-05-20 06:54 . 2009-05-20 06:54 -------- d-----w- c:\documents and settings\Zack\Local Settings\Application Data\Stardock
2009-05-20 06:54 . 2009-05-20 06:54 -------- d-----w- c:\program files\Stardock
2009-05-20 06:54 . 2009-05-20 06:54 -------- d-----w- c:\program files\Common Files\Stardock
2009-05-18 21:34 . 2009-05-18 21:34 -------- d-----w- c:\documents and settings\Zack\Application Data\Viewpoint
2009-05-15 17:01 . 2009-06-07 17:07 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-14 20:21 . 2009-05-14 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\GoldWave
2009-05-14 20:21 . 2008-09-25 02:33 484352 ----a-w- c:\documents and settings\All Users\Application Data\GoldWave\lame_enc.dll
2009-05-14 20:11 . 2009-05-14 20:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-14 19:58 . 2009-05-14 19:58 -------- d-----w- c:\documents and settings\Zack\Local Settings\Application Data\Help
2009-05-14 19:58 . 2009-05-14 19:58 -------- d-----w- c:\program files\Multiquence
2009-05-14 07:51 . 2009-05-14 07:51 -------- d-sh--w- c:\documents and settings\Zack\IECompatCache
2009-05-14 07:48 . 2009-05-17 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-14 07:48 . 2009-05-14 07:48 -------- d-----w- c:\documents and settings\Zack\Application Data\Yahoo!
2009-05-14 07:48 . 2009-05-14 07:48 -------- d-----w- c:\program files\Yahoo!
2009-05-14 07:48 . 2009-05-14 07:48 -------- d-----w- c:\program files\CCleaner
2009-05-14 05:40 . 2009-05-14 05:40 -------- d-----w- c:\program files\GoldWave
2009-05-13 19:15 . 2009-06-06 10:18 -------- d-----w- c:\documents and settings\Zack\Application Data\LimeWire
2009-05-13 19:14 . 2009-05-13 19:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 19:13 . 2009-05-13 19:13 -------- d-----w- c:\program files\Java
2009-05-13 19:13 . 2009-05-13 19:13 152576 ----a-w- c:\documents and settings\Zack\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-05-13 19:12 . 2009-05-13 19:15 -------- d-----w- c:\program files\LimeWire
2009-05-13 19:07 . 2009-05-13 19:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-13 19:06 . 2009-05-13 19:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AIM Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 03:32 . 2009-05-01 06:29 -------- d-----w- c:\documents and settings\Zack\Application Data\uTorrent
2009-05-20 06:56 . 2009-05-04 04:43 -------- d-----w- c:\documents and settings\Zack\Application Data\DivX
2009-05-19 08:53 . 2009-05-19 08:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 08:49 . 2009-05-03 20:09 -------- d-----w- c:\program files\DivX
2009-05-17 06:02 . 2009-04-30 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-07 17:31 . 2009-04-30 06:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-07 17:31 . 2009-04-30 06:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 17:31 . 2009-04-30 06:35 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-07 17:31 . 2009-04-30 06:36 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-06 18:23 . 2009-05-06 18:23 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-05-06 18:23 . 2009-05-06 18:23 20456 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 16:14 . 2009-04-30 06:22 20456 ----a-w- c:\documents and settings\Zack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 16:13 . 2009-05-05 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-05 07:44 . 2009-05-05 07:44 -------- d-----w- c:\program files\Bonjour
2009-05-05 07:28 . 2009-05-05 07:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-04 18:05 . 2009-05-04 17:52 -------- d-----w- c:\documents and settings\Zack\Application Data\vlc
2009-05-04 17:51 . 2009-05-04 17:51 -------- d-----w- c:\program files\VideoLAN
2009-05-04 07:36 . 2009-05-04 07:36 -------- d-----w- c:\documents and settings\Zack\Application Data\Windows Search
2009-05-03 22:30 . 2009-05-03 22:19 -------- d-----w- c:\program files\Image-Line
2009-05-03 22:23 . 2009-05-03 22:23 -------- d-----w- c:\program files\VstPlugins
2009-05-03 22:21 . 2009-05-03 22:21 -------- d-----w- c:\program files\Outsim
2009-05-03 20:12 . 2009-05-03 20:09 -------- d-----w- c:\program files\Google
2009-05-03 20:09 . 2009-05-03 20:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-01 06:30 . 2009-05-01 06:30 -------- d-----w- c:\program files\uTorrent
2009-04-30 21:05 . 2009-04-30 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-30 21:04 . 2009-04-30 21:04 -------- d-----w- c:\documents and settings\Zack\Application Data\acccore
2009-04-30 21:04 . 2009-04-30 21:02 -------- d-----w- c:\program files\AIM6
2009-04-30 21:04 . 2009-04-30 21:04 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-04-30 21:04 . 2009-04-30 21:04 -------- d-----w- c:\program files\AIM Toolbar
2009-04-30 21:04 . 2009-04-30 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-04-30 21:04 . 2009-04-30 21:04 -------- d-----w- c:\program files\Viewpoint
2009-04-30 21:04 . 2009-04-30 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-30 21:03 . 2009-04-30 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-04-30 21:03 . 2009-04-30 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-04-30 21:03 . 2009-04-30 21:03 -------- d-----w- c:\program files\Common Files\AOL
2009-04-30 20:17 . 2009-04-30 20:17 -------- d-----w- c:\documents and settings\Zack\Application Data\ArcSoft
2009-04-30 20:13 . 2009-04-30 20:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf
2009-04-30 20:13 . 2009-04-30 20:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-30 20:09 . 2009-04-30 20:09 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-04-30 20:08 . 2009-04-30 20:07 -------- d-----w- c:\program files\Philips_VLounge
2009-04-30 20:08 . 2009-04-30 06:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-30 20:08 . 2009-04-30 20:08 -------- d-----w- c:\program files\DIFX
2009-04-30 20:07 . 2009-04-30 20:07 -------- d-----w- c:\program files\Common Files\SPC1000NC
2009-04-30 20:07 . 2009-04-30 20:07 -------- d-----w- c:\program files\Philips
2009-04-30 20:05 . 2009-04-30 20:05 -------- d-----w- c:\documents and settings\Zack\Application Data\InstallShield
2009-04-30 08:32 . 2009-04-30 08:32 -------- d-----w- c:\program files\Windows Defender
2009-04-30 08:07 . 2009-04-30 08:07 -------- d-----w- c:\documents and settings\Zack\Application Data\Windows Desktop Search
2009-04-30 08:07 . 2009-04-30 08:07 -------- d-----w- c:\program files\Windows Desktop Search
2009-04-30 08:06 . 2009-04-30 08:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-30 08:04 . 2009-04-30 08:04 1536 ----a-w- c:\windows\system32\TrueSoft.dat
2009-04-30 07:44 . 2009-04-30 05:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-30 06:35 . 2009-04-30 06:35 -------- d-----w- c:\program files\AVG
2009-04-30 06:15 . 2009-04-30 06:14 -------- d-----w- c:\program files\ATI Technologies
2009-04-30 06:13 . 2009-04-30 06:13 -------- d-----w- c:\program files\Synaptics
2009-04-30 06:11 . 2009-04-30 06:11 -------- d-----w- c:\program files\Dell
2009-04-30 06:11 . 2009-04-30 06:11 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-30 05:46 . 2009-04-30 05:46 -------- d-----w- c:\program files\microsoft frontpage
2009-04-30 05:42 . 2009-04-30 05:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-07 00:29 . 2009-05-03 20:10 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-07 00:29 . 2009-05-03 20:10 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-07 00:29 . 2009-05-03 20:10 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-04-07 00:29 . 2009-05-03 20:10 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-07 00:29 . 2009-05-03 20:10 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-07 00:29 . 2009-05-03 20:10 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-02 13:21 . 2009-05-19 08:53 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-13 15:42 . 2009-03-13 15:42 69120 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-02-05 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-02-05 495616]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-25 335872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-07 1947928]
"spc1000"="c:\windows\vspc1000.exe" [2007-07-12 675840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 136600]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2008-11-27 501768]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2003-02-24 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Zack\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\documents and settings\Zack\My Documents\Stardock\ObjectDock\ObjectDock.exe [2009-5-20 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPro1000.lnk - c:\windows\VPro1000.exe [2009-4-30 77824]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-07 17:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/8/2009 2:00 AM 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/30/2009 1:35 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/30/2009 1:36 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/30/2009 1:35 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/30/2009 1:35 AM 298776]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/8/2009 2:00 AM 348752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/30/2009 4:04 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate1c9cc2b268b50e0;Google Update Service (gupdate1c9cc2b268b50e0);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 3:09 PM 133104]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [4/30/2009 3:08 PM 88320]
S3 SPC1000;USB2.0 PC Camera (SPC1000);c:\windows\system32\drivers\spc1000.sys [4/30/2009 3:07 PM 3033856]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 20:09]

2009-06-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://torrentz.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 02:15
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,98,a3,46,da,00,80,41,b6,31,6e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,98,a3,46,da,00,80,41,b6,31,6e,\
.
Completion time: 2009-06-09 2:19
ComboFix-quarantined-files.txt 2009-06-09 07:19

Pre-Run: 124,354,621,440 bytes free
Post-Run: 124,899,704,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

242 --- E O F --- 2009-06-08 19:43
