Hazza's Computer Problem


3 replies to this topic

#1 Hazza1352


Posted 03 June 2009 - 01:02 AM

Hello all, my name is Hazza and I have a computer problem (don't we all). (I was aiming to make that sound like an AA meeting intro.)

I signed up because I liked the site and I need some help. If someone can help me I'll try my hardest to help them or anyone else that needs it. I am normally quite good at virus removal and general computer problems, and I work on my friends' and neighbours' computers, and they think I'm brilliant, but I know that there is tonnes I don't know, as this problem I'm having shows.

I did all my usual virus scans after I noticed the computer playing up, as in:

Redirecting Google search results about things such as, say, bushrangers to a place called Stopzilla, which I had previously never heard of, and Google searches reveal people have had trouble with it. So it sounds like a scam fake antivirus program, like the popup ad ones that show you a .SWF vid claiming that you have 230+ trojans and that it is scanning your machine and finding more every second. (Funny part is when you view the site with Linux it expects you are using XP. :D)


Stopping me from loading MBAM, AVG, Spybot S&D, or HijackThis.

In the end I was able to load all those programs by adding the word virus onto the names, so it is blocking the default names of my A/V, and when you change them it lets them load like normal.


I got my report from MBAM as below:

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

3/06/2009 1:18:42 PM
mbam-log-2009-06-03 (13-18-38).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 259828
Time elapsed: 1 hour(s), 18 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> No action taken.


As can be seen it doesn't believe that anything is up other than that one item, so I clicked that button to fix it (I took the log before I fixed it, my fail!) and it reckons it's all good.


I'm doing another full scan right now and I'll post the result when it's done. (EDIT: It completed with nothing to report.)

And a HijackThis log if anyone cares.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:20 PM, on 3/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\IP Discoverer\ipdiscoverer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrator.TECRA-3DF7CD904\Desktop\Hotmail Cracker\SnapShout!.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThisv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.zonelabs.com/redirect/rout...4he7bhx644bu4g0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ipdiscoverer] C:\Program Files\IP Discoverer\ipdiscoverer.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8FC37D7-C6D0-43E2-8EFB-9F68F65F084E}: NameServer = 61.9.242.33,61.9.226.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c98cf487991637) (gupdate1c98cf487991637) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9823 bytes




Hope someone can help, and I use Firefox if it helps.

Edited by Hazza1352, 03 June 2009 - 03:12 AM.

-Hazza-


Put your spare computing hours to a good cause, Folding@Home. :D
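As an added example (not code from this thread, from HijackThis or from Malwarebytes), a small Python helper that parses a Trend Micro HijackThis v2.0.2 log, flags the entry types a responder reads first (O17 NameServer settings, which is where a DNS changer like the one MBAM reported would show up; O10 Winsock LSP problems; orphaned O2/O3 entries; O23 services with an unknown owner; processes running from a user profile) and diffs two logs, such as a before and after cleanup pair. The sample logs below are constructed from a handful of lines in the same format, and the flag rules are triage heuristics of mine, not a detection signature.

```python
import re
from typing import Dict, List, Tuple

# One HijackThis finding line: a section tag (R0-R3, F0-F3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2})\s+-\s+(.*)$")


def parse_hjt(log: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a HijackThis log into (running process paths, [(section, body), ...])."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True          # the block of image paths starts on the next line
            continue
        if in_procs:
            if not line:
                in_procs = False     # a blank line ends the process block
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(log: str) -> List[str]:
    """Notes on the entries a responder reads first (heuristics, not a signature set)."""
    processes, entries = parse_hjt(log)
    notes: List[str] = []
    for proc in processes:
        low = proc.lower()
        # Images running from a user profile or a temp directory deserve a second look.
        if "\\documents and settings\\" in low or "\\temp\\" in low:
            notes.append(f"process outside Program Files/Windows: {proc}")
    for section, body in entries:
        low = body.lower()
        if section in ("O2", "O3") and "(no file)" in low:
            notes.append(f"{section} orphaned entry (no file on disk): {body}")
        elif section == "O10":
            notes.append(f"O10 Winsock LSP problem, identify the provider: {body}")
        elif section == "O17" and "nameserver" in low:
            # DNS changer malware rewrites these; confirm each server belongs to the ISP.
            servers = [s.strip() for s in body.split("=", 1)[1].split(",")]
            notes.append("O17 NameServer set to " + ", ".join(servers) + ": confirm with the ISP")
        elif section == "O23" and "unknown owner" in low:
            notes.append(f"O23 service with unknown owner, check the binary: {body}")
    return notes


def diff_hjt(old_log: str, new_log: str) -> Dict[str, List[str]]:
    """Processes and entries present in only one of two logs (e.g. before/after cleanup)."""
    def as_set(log: str) -> set:
        procs, ents = parse_hjt(log)
        return set(procs) | {f"{sec} - {body}" for sec, body in ents}
    old, new = as_set(old_log), as_set(new_log)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


# Constructed sample logs: a handful of lines in HijackThis v2.0.2 format, not a full capture.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:20 PM, on 3/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\User\Desktop\tool.exe
C:\Program Files\Trend Micro\HijackThis\HijackThisv.exe

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8FC37D7-C6D0-43E2-8EFB-9F68F65F084E}: NameServer = 61.9.242.33,61.9.226.33
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:05 AM, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThisv.exe

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8FC37D7-C6D0-43E2-8EFB-9F68F65F084E}: NameServer = 61.9.242.33,61.9.226.33
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"""

if __name__ == "__main__":
    for note in triage(LOG_BEFORE):
        print(note)
    print(diff_hjt(LOG_BEFORE, LOG_AFTER))
```

The O17 note is the one to act on first when a scanner has reported a DNS changer: a NameServer value that is not the ISP's resolver explains search redirects even after the dropped file is gone.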


#2 screen317


Posted 13 June 2009 - 07:30 PM

Hello and welcome to BleepingComputer,

My apologies for the delay; we're all volunteers and we've been swamped.

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

#3 Hazza1352


Posted 16 June 2009 - 10:26 PM

Thank you for the reply screen317, I hope you don't mind me calling you screen from now on. Sorry about my own delay, another unrelated internet problem (ISP :) ).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:05 AM, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\WINDOWS\system32\cisvc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThisv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/rout...4he7bhx644bu4g0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\bigpond\security\App\popupbho01.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BigPond Security Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\bigpond\security\App\popupbho01.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [ESP] "c:\Program Files\bigpond\security\app\start.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.bigpond.com
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - hxxp://files.authentium.com/bigpond/bin/wizard.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8FC37D7-C6D0-43E2-8EFB-9F68F65F084E}: NameServer = 61.9.242.33,61.9.226.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wa.bigpond.net.au,vic.bigpond.net.au
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Update Service (gupdate1c98cf487991637) (gupdate1c98cf487991637) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - hxxp://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8674 bytes





ComboFix 09-06-16.01 - Administrator 17/06/2009 10:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1535.1200 [GMT 8:00]
Running from: c:\documents and settings\Administrator.TECRA-3DF7CD904\Desktop\ComboFixav.exe
AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: BP Security Firewall *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcojdoktabuhatqlnjcttorskylnxjacdn.sys
c:\windows\system32\drivers\gxvxcxdnlnxylafndgojufoqowktcwiifkjtu.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcoaqitgoyrdqeamsrnhhvumpjnsljwwqt.dll
c:\windows\system32\gxvxcpynmmxockappaicokxspwauspkgemnjy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-16 14:15 . 2009-06-16 14:15 -------- d-s---w- C:\ComboFixkordan
2009-06-15 09:32 . 2009-06-15 09:32 -------- d-sh--w- c:\documents and settings\Jordan\IETldCache
2009-06-14 09:01 . 2009-06-14 09:01 -------- d-sh--w- c:\documents and settings\Administrator.TECRA-3DF7CD904\PrivacIE
2009-06-14 02:49 . 2009-06-14 02:49 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2009-06-13 00:37 . 2009-06-13 00:37 -------- d-sh--w- c:\documents and settings\Default User.WINDOWS\IETldCache
2009-06-12 09:49 . 2009-06-12 09:49 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2009-06-12 09:18 . 2009-06-12 09:18 -------- d-sh--w- c:\documents and settings\Administrator.TECRA-3DF7CD904\IETldCache
2009-06-12 08:48 . 2008-04-14 00:11 343040 ----a-w- c:\windows\system32\localspl.dll
2009-06-12 08:46 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 08:46 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-12 08:46 . 2009-06-12 08:46 -------- d-----w- c:\windows\ie8updates
2009-06-12 08:46 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-12 08:45 . 2009-06-12 08:45 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-06-12 08:45 . 2005-03-09 12:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2009-06-12 08:45 . 2005-03-09 12:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2009-06-12 08:45 . 2005-03-09 12:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2009-06-12 08:45 . 2005-03-09 12:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2009-06-12 08:42 . 2009-06-12 08:45 -------- dc-h--w- c:\windows\ie8
2009-06-12 01:55 . 2009-06-12 01:55 -------- d-----w- c:\program files\Microsoft Games
2009-06-11 08:27 . 2009-06-11 08:27 -------- d-----w- c:\program files\HWiNFO32
2009-06-09 12:54 . 2009-06-09 12:54 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Application Data\GlarySoft
2009-06-08 07:06 . 2009-06-08 07:06 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Local Settings\Application Data\PC_Drivers_Headquarters
2009-06-04 08:56 . 2009-06-04 08:56 -------- d-----w- c:\documents and settings\Jordan\Application Data\Malwarebytes
2009-06-04 04:30 . 2009-06-04 05:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Authentium
2009-06-04 04:29 . 2009-06-04 04:29 -------- d-----w- c:\program files\Common Files\RuleSpace
2009-06-04 04:29 . 2009-06-04 04:29 -------- d-----w- c:\program files\Common Files\Aluria
2009-06-04 04:29 . 2009-06-04 04:29 -------- d-----w- c:\program files\Common Files\Authentium
2009-06-04 04:28 . 2009-06-04 04:28 -------- d-----w- c:\program files\bigpond
2009-06-04 04:02 . 2009-06-04 04:02 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Local Settings\Application Data\Apple
2009-06-04 03:58 . 2008-10-16 23:41 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-06-04 03:55 . 2009-06-04 03:55 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Application Data\Apple Computer
2009-06-03 09:53 . 2009-06-04 04:27 -------- d-----w- c:\program files\Common Files\Authentium Shared
2009-06-03 09:53 . 2009-04-21 05:09 106496 ----a-w- c:\windows\system32\atl71.dll
2009-06-03 04:12 . 2009-06-03 04:12 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Local Settings\Application Data\Identities
2009-06-03 04:11 . 2009-06-03 04:11 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Application Data\Wireshark
2009-06-03 03:44 . 2009-06-03 03:44 -------- d-----w- c:\program files\2BrightSparks
2009-06-03 03:36 . 2009-06-03 03:36 -------- d-----w- c:\program files\WinPcap
2009-06-03 03:35 . 2009-06-03 04:02 -------- d-----w- c:\program files\Wireshark
2009-06-03 03:27 . 2009-06-03 03:27 3371383 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-03 01:50 . 2009-06-03 01:50 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Application Data\Malwarebytes
2009-06-02 12:05 . 2009-06-02 12:05 -------- d-----w- c:\program files\Trend Micro
2009-06-01 09:31 . 2009-06-01 09:31 -------- d-----w- c:\program files\IObit
2009-06-01 09:20 . 2009-06-01 09:36 -------- d-----w- c:\documents and settings\Jordan\Application Data\TweakNow WinSecret 2009
2009-05-29 07:02 . 2009-05-29 07:02 -------- d-----w- c:\program files\Network Stumbler
2009-05-29 07:01 . 2009-06-04 03:53 -------- d-----w- c:\program files\Cain
2009-05-28 14:41 . 2005-05-01 13:10 159744 ----a-w- c:\windows\system32\unrar.dll
2009-05-28 14:41 . 2005-02-28 15:52 102400 ----a-w- c:\windows\system32\unzip3252.dll
2009-05-28 14:41 . 2004-05-04 03:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-05-28 14:41 . 2002-07-24 14:43 667648 ----a-w- c:\windows\system32\FreeImage.dll
2009-05-28 14:41 . 2001-05-30 02:00 352256 ----a-w- c:\windows\system32\ijl15.dll
2009-05-28 14:41 . 1998-08-29 05:50 40448 ----a-w- c:\windows\system32\UNACE.DLL
2009-05-28 14:41 . 1998-06-17 16:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-05-26 05:32 . 2009-05-26 05:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 05:31 . 2009-05-26 05:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:31 . 2009-06-03 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:31 . 2009-05-26 05:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-25 11:10 . 2009-05-25 11:10 2338816 ----a-w- c:\documents and settings\Jordan\Application Data\Folding@home-x86\FahCore_78.exe
2009-05-25 11:06 . 2009-05-25 11:06 98477 ----a-r- c:\documents and settings\Jordan\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe
2009-05-25 11:06 . 2009-05-25 11:06 98477 ----a-r- c:\documents and settings\Jordan\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe
2009-05-25 11:06 . 2009-05-25 11:06 10134 ----a-r- c:\documents and settings\Jordan\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe
2009-05-25 11:06 . 2009-05-25 11:11 -------- d-----w- c:\documents and settings\Jordan\Application Data\Folding@home-x86
2009-05-25 11:06 . 2009-05-25 11:06 -------- d-----w- c:\program files\Folding@home
2009-05-25 04:12 . 2009-05-25 04:12 -------- d-----w- c:\program files\FileASSASSIN
2009-05-25 03:58 . 2009-06-01 09:38 -------- d-----w- c:\program files\Autorun Eater
2009-05-22 03:40 . 2009-03-26 09:04 110592 ----a-w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Application Data\Mozilla\Firefox\Profiles\tas3repx.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-05-21 13:47 . 2009-05-21 13:49 -------- d-----w- c:\program files\ABC Amber Flash Converter
2009-05-20 08:20 . 2009-05-08 03:56 2051864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
2009-05-20 08:20 . 2009-05-08 03:56 354584 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgxch32.dll
2009-05-20 08:20 . 2009-05-08 03:56 424472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-20 08:20 . 2009-05-08 03:56 3288344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\setup.exe
2009-05-20 08:20 . 2009-05-08 03:56 312088 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avglngx.dll
2009-05-20 08:20 . 2009-05-08 03:56 177432 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgmail.dll
2009-05-20 08:20 . 2009-05-08 03:56 486168 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgrsx.exe
2009-05-20 08:18 . 2009-05-08 03:50 1437464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll
2009-05-20 08:18 . 2009-05-08 03:50 755992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avginet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 14:01 . 2009-02-12 09:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-06-14 05:04 . 2008-09-26 02:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-06-10 01:28 . 2009-04-11 04:41 65760 ----a-w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 09:07 . 2008-10-16 11:31 -------- d-----w- c:\program files\RegScrubXP
2009-06-04 04:00 . 2009-02-04 04:41 -------- d-----w- c:\program files\IP Discoverer
2009-06-04 02:28 . 2008-10-16 22:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-06-03 08:34 . 2008-10-16 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-01 09:40 . 2009-02-10 01:37 -------- d-----w- c:\program files\Batch File Compiler Professional Edition v4.21 Trial
2009-06-01 09:38 . 2009-04-07 04:57 -------- d-----w- c:\documents and settings\Jordan\Application Data\FVZilla
2009-05-28 14:41 . 2005-01-11 03:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 02:40 . 2005-10-14 10:13 -------- d-----w- c:\program files\Google
2009-05-24 13:35 . 2009-04-09 14:53 8224 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 07:10 . 2009-04-21 11:34 -------- d-----w- c:\program files\Telstra Turbo Connection Manager
2009-05-16 02:56 . 2008-10-22 00:22 65760 ----a-w- c:\documents and settings\Lachlan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 02:54 . 2009-05-14 02:54 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Application Data\ImgBurn
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 09:08 . 2009-05-10 09:08 -------- d-----w- c:\documents and settings\Administrator.TECRA-3DF7CD904\Application Data\Nero
2009-05-08 03:56 . 2009-05-13 03:28 2302232 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avguiadv.dll
2009-05-08 03:56 . 2009-05-13 03:28 3399960 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgui.exe
2009-05-05 10:12 . 2008-06-30 00:33 65760 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 09:33 . 2009-05-05 09:33 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-05 09:33 . 2009-05-05 09:22 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-05-05 09:33 . 2009-05-05 09:33 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-05-05 09:33 . 2009-05-05 09:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-05 09:31 . 2009-05-05 09:31 134944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-05-05 09:29 . 2009-05-05 09:29 416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-05-05 09:21 . 2009-05-05 09:21 -------- d-----w- c:\program files\Microsoft SDKs
2009-05-05 09:17 . 2008-09-26 02:29 -------- d-----w- c:\program files\MSBuild
2009-05-05 09:17 . 2009-05-05 09:17 -------- d-----w- c:\program files\Reference Assemblies
2009-04-27 13:27 . 2009-04-27 12:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJPLM
2009-04-27 12:50 . 2009-04-27 12:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJ
2009-04-27 12:12 . 2009-04-27 12:11 -------- d-----w- c:\documents and settings\Jordan\Application Data\Canon
2009-04-27 12:12 . 2009-04-27 12:12 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJScan
2009-04-27 12:10 . 2009-04-27 11:59 -------- d-----w- c:\program files\Canon
2009-04-27 12:07 . 2009-04-27 12:07 -------- d--h--w- c:\program files\CanonBJ
2009-04-27 06:14 . 2009-03-13 10:59 -------- d-----w- c:\program files\WEPKR
2009-04-25 06:31 . 2009-04-25 06:31 -------- d-----w- c:\documents and settings\Lachlan\Application Data\FVZilla
2009-04-21 05:09 . 2006-01-23 15:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-21 05:09 . 2006-01-23 15:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-26 15:07 . 2009-03-26 15:07 12 ----a-w- c:\windows\winshell2.Dat
2009-03-26 09:04 . 2009-04-01 00:37 110592 ----a-w- c:\documents and settings\Jordan\Application Data\Mozilla\Firefox\Profiles\v4zzn3qw.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2002-07-31 11:55 . 2009-03-13 08:34 106 --sh--w- c:\windows\WSYS049.SYS
2006-05-03 10:06 . 2007-05-24 12:31 163328 --sh--r- c:\windows\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 356352]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2009-01-27 62952]

c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Jordan\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-6 575488]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"NVSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [27/01/2009 12:24 PM 21000]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [11/06/2009 4:27 PM 17640]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [27/01/2009 12:24 PM 39688]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [4/08/2004 8:00 PM 14336]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [12/06/2009 4:45 PM 33792]
R3 uscbs109;uscbs109;c:\windows\system32\drivers\uscbs109.sys [21/03/2005 11:00 PM 8672]
R3 uscsc109;uscsc109;c:\windows\system32\drivers\uscsc109.sys [21/03/2005 11:00 PM 102336]
S2 gupdate1c98cf487991637;Google Update Service (gupdate1c98cf487991637);c:\program files\Google\Update\GoogleUpdate.exe [12/02/2009 5:30 PM 133104]
S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [21/05/2007 9:15 PM 36048]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [21/04/2009 7:34 PM 7680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 4:22 AM 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2008-10-08 10:36]

2009-06-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-27 08:02]

2009-06-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-30 09:26]

2009-06-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 09:30]

2009-05-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 08:04]

2009-06-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 08:04]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=6&app=inclient&version=8.0.065.000&lang=en&locale=en-AU&date=-86400&link_id=9&dest=welcome&lic=j5hvqhisiu3s4he7bhx644bu4g0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A8FC37D7-C6D0-43E2-8EFB-9F68F65F084E} = 61.9.242.33,61.9.226.33
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2009-06-17 10:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1935655697-1343024091-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,63,b8,33,62,de,8e,46,97,90,a4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,63,b8,33,62,de,8e,46,97,90,a4,\
.
Completion time: 2009-06-17 10:47
ComboFix-quarantined-files.txt 2009-06-17 02:47

Pre-Run: 2,614,480,896 bytes free
Post-Run: 3,622,453,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

245 --- E O F --- 2009-06-14 05:04


Thanks again for the help. :) :thumbup2:

Edited by Hazza1352, 17 June 2009 - 12:00 AM.

-Hazza-


Put your Spare Computing Hours to a good Cause, Folding@Home. :D

#4 screen317

screen317

  • Malware Response Team
  • 236 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:17 PM

Posted 17 June 2009 - 01:26 PM

Hi Hazza1352,

Please avoid the color formatting; it's a bit hard on the eyes.

Thank you for the reply screen317, I hope you don't mind me calling you screen from now on. Sorry about my own delay, another unrelated internet problem (ISP).

No problem. :thumbup2:


Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


After that, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-screen317



