Google redirect virus


  • This topic is locked
16 replies to this topic

#1 Will S.

  • Members
  • 8 posts

Posted 22 June 2009 - 02:07 PM

For quite a while I have had a virus that redirects me to a different website. (usually some ToSeekA or advertising thing) I have gone through multiple Anti-viruses, including AVG, Malwarebytes (yes I updated), SpyBot, SUPERAntiSpy, TrueSword, Windows Defender, and a few online scans. They all have either found nothing or found something, deleted, and the problem remained. I have had it for quite a while, so I can't do a System Restore, and obviously I don't want to wipe my computer. I have found numerous forums on this, but when I followed the instructions, it seemed to do nothing. My Java is up to date. I am running IE8, Google Chrome, and Mozilla. (It affects all of them)

Here is my Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:01 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "stsystra.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] "C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/...er_4.0.15.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {a49c1a82-37f7-489e-9445-e7045742fb91} - C:\WINDOWS\system32\dsound3dd.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9729 bytes

#2 myrti

  • Malware Study Hall Admin
  • 33,784 posts

Posted 27 June 2009 - 08:19 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 Will S.

  • Topic Starter
  • Members
  • 8 posts

Posted 27 June 2009 - 10:05 PM

Thanks
Unfortunately, my problem remains.

For quite a while I have had a virus that redirects me to a different website. (usually some ToSeekA or advertising thing) I have gone through multiple Anti-viruses, including AVG, Malwarebytes (yes I updated), SpyBot, SUPERAntiSpy, TrueSword, and Windows Defender. They all have either found nothing or found something, deleted, and the problem remained even after everything was cleared. (including my System Restore) Right now I am just running AVG, as you will probably see from the log.
I have had it for quite a while, so I can't do a System Restore, and obviously I don't want to wipe my computer. I have found numerous forums on this, but when I followed the instructions, it seemed to do nothing. My Java is up to date. I am running IE8, Google Chrome, and Mozilla. (It affects all of them)

DDS

DDS (Ver_09-06-26.01) - NTFSx86
Run by William at 21:52:10.47 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2502 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\William\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ClearAllHistory] c:\program files\clearallhistory\cah.exe
uRun: [Google Update] "c:\documents and settings\william\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Nikon Transfer Monitor] "c:\program files\common files\nikon\monitor\NkMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Filter: text/html - {a49c1a82-37f7-489e-9445-e7045742fb91} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-3 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-3 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-3 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-3 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-3 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-4-15 33792]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2009-06-23 14:48 139,152 a------- c:\docume~1\william\applic~1\PnkBstrK.sys
2009-06-22 14:11 <DIR> --d----- c:\program files\ComboFix
2009-06-20 11:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 12:52 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 13:35 <DIR> --d----- c:\program files\True Sword 5
2009-06-16 11:14 <DIR> --d----- c:\documents and settings\william\.SunDownloadManager
2009-06-15 23:42 <DIR> --d----- c:\program files\Lavasoft
2009-06-15 22:59 <DIR> --d----- c:\program files\MSSOAP
2009-06-15 22:58 <DIR> --d----- c:\program files\Webroot
2009-06-15 21:59 <DIR> --d----- c:\docume~1\william\applic~1\Malwarebytes
2009-06-15 21:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-15 19:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-09 21:17 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-04 15:41 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-06-04 14:47 <DIR> --dsh--- c:\documents and settings\william\IECompatCache
2009-06-04 14:46 <DIR> --dsh--- c:\documents and settings\william\PrivacIE
2009-06-04 14:43 <DIR> --dsh--- c:\documents and settings\william\IETldCache
2009-06-04 13:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-06-04 13:53 <DIR> --d----- c:\program files\DAEMON Tools Pro
2009-06-01 17:56 <DIR> --d----- c:\program files\Hasbro Interactive
2009-06-01 17:41 <DIR> --d----- c:\program files\Undisker
2009-06-01 17:25 <DIR> --d----- c:\docume~1\william\applic~1\DAEMON Tools Pro
2009-06-01 15:02 <DIR> --d----- c:\program files\Maxis
2009-06-01 15:00 <DIR> --d----- c:\documents and settings\william\WINDOWS

==================== Find3M ====================

2009-03-20 09:49 109 a--sh--- c:\windows\system32\2095045112.dat
2009-03-17 18:26 88 ---shr-- c:\windows\system32\975DDA5D8A.sys
2009-03-17 18:26 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:53:38.22 ===============

Edited by Will S., 27 June 2009 - 10:07 PM.


#4 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 29 June 2009 - 01:09 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#5 Will S.

  • Topic Starter
  • Members
  • 8 posts

Posted 29 June 2009 - 11:28 PM

I have not really done much with this computer since. I haven't installed or updated anything new. Here is my GMER log and my Combofix log. I appreciate the help.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 23:25:55
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spxv.sys ZwCreateKey [0xB7EA70E0]
SSDT spxv.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spxv.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT spxv.sys ZwOpenKey [0xB7EA70C0]
SSDT spxv.sys ZwQueryKey [0xB7EC610A]
SSDT spxv.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT spxv.sys ZwSetValueKey [0xB7EC619C]

INT 0x62 ? 8ADD9BF8
INT 0x63 ? 8AE47BF8
INT 0x84 ? 8A2B7F00
INT 0x94 ? 8A2B7F00
INT 0xA4 ? 8A2B7F00
INT 0xB1 ? 8ADD9BF8
INT 0xB1 ? 8AE4ABF8
INT 0xB4 ? 8A2B7F00

Code \??\C:\DOCUME~1\William\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? spxv.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text aqtf7jas.SYS B732F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aqtf7jas.SYS B732F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aqtf7jas.SYS B732F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aqtf7jas.SYS B732F3C9 1 Byte [30]
.text aqtf7jas.SYS B732F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text USBPORT.SYS!DllUnload B6B0D8AC 5 Bytes JMP 8A2B74E0
? C:\DOCUME~1\William\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spxv.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spxv.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spxv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spxv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spxv.sys
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aqtf7jas.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AE461F8
Device \FileSystem\Udfs \UdfsCdRom 89EF8500
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 89EF8500
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Driver\sptd \Device\3201634926 spxv.sys

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8A2B61F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AE481F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AE481F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AE481F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AE481F8
Device \Driver\usbuhci \Device\USBPDO-1 8A2B61F8
Device \Driver\usbuhci \Device\USBPDO-2 8A2B61F8
Device \Driver\PCI_PNP9926 \Device\00000046 spxv.sys
Device \Driver\usbuhci \Device\USBPDO-3 8A2B61F8
Device \Driver\PCI_PNP9926 \Device\00000047 spxv.sys
Device \Driver\usbehci \Device\USBPDO-4 8A2B43F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8ADDA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8ADDA1F8
Device \Driver\Cdrom \Device\CdRom0 8A2B51F8
Device \Driver\Cdrom \Device\CdRom1 8A2B51F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8ADDA1F8
Device \Driver\Cdrom \Device\CdRom2 8A2B51F8
Device \Driver\Cdrom \Device\CdRom3 8A2B51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 898EA1F8
Device \Driver\NetBT \Device\NetbiosSmb 898EA1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A2B61F8
Device \Driver\usbuhci \Device\USBFDO-1 8A2B61F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898E31F8
Device \Driver\usbuhci \Device\USBFDO-2 8A2B61F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 898E31F8
Device \Driver\usbuhci \Device\USBFDO-3 8A2B61F8
Device \Driver\usbehci \Device\USBFDO-4 8A2B43F8
Device \Driver\Ftdisk \Device\FtControl 8ADDA1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3CA3EE5A-0949-4FA2-9942-D8FCB6F2817F} 898EA1F8
Device \Driver\aqtf7jas \Device\Scsi\aqtf7jas1Port3Path0Target0Lun0 8A2EA368
Device \Driver\aqtf7jas \Device\Scsi\aqtf7jas1 8A2EA368
Device \FileSystem\Fastfat \Fat 8917E1F8
Device \FileSystem\Fastfat \Fat A7FA3297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89FB1500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0x89 0x1D 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE5 0x49 0x13 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9F 0x80 0xFC 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xA3 0x2D 0x0D 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x85 0x67 0x57 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0x89 0x1D 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE5 0x49 0x13 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9F 0x80 0xFC 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xA3 0x2D 0x0D 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x85 0x67 0x57 0xD4 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----


ComboFix

ComboFix 09-06-29.02 - William 06/29/2009 19:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2584 [GMT -5:00]
Running from: c:\documents and settings\William\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETkubdkfir.sys
c:\windows\system32\SKYNETawwlaagp.dll
c:\windows\system32\SKYNETbctyaahs.dat
c:\windows\system32\SKYNETlccsukqg.dat
c:\windows\system32\SKYNETmupxhkrk.dll
c:\windows\twain_16.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETxydrhaqy


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-28 02:48 . 2009-06-28 02:48 -------- d--h--w- c:\windows\PIF
2009-06-25 13:42 . 2009-06-17 13:27 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-23 19:48 . 2009-06-23 19:48 139152 ----a-w- c:\documents and settings\William\Application Data\PnkBstrK.sys
2009-06-23 19:48 . 2009-06-23 19:48 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-23 19:46 . 2009-05-15 20:32 1283448 ----a-w- c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-23 19:46 . 2009-05-15 20:32 729088 ----a-w- c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-22 19:11 . 2009-06-22 19:12 -------- d-----w- c:\program files\ComboFix
2009-06-22 18:58 . 2009-06-22 18:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-22 18:46 . 2009-06-22 18:56 -------- d-----w- c:\windows\BDOSCAN8
2009-06-22 10:58 . 2009-06-22 10:58 93 ----a-w- c:\windows\system32\SKYNET.dat
2009-06-20 16:46 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 16:46 . 2009-06-20 16:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 16:46 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 17:52 . 2009-06-18 17:52 -------- d-----w- c:\program files\Trend Micro
2009-06-16 18:35 . 2009-06-18 17:51 -------- d-----w- c:\program files\True Sword 5
2009-06-16 16:14 . 2009-06-16 16:15 -------- d-----w- c:\documents and settings\William\.SunDownloadManager
2009-06-16 04:42 . 2009-06-16 18:35 -------- d-----w- c:\program files\Lavasoft
2009-06-16 04:42 . 2009-06-16 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-16 03:59 . 2009-06-16 03:59 -------- d-----w- c:\program files\MSSOAP
2009-06-16 03:58 . 2009-06-16 03:58 -------- d-----w- c:\program files\Webroot
2009-06-16 03:57 . 2009-06-16 03:57 164 ----a-w- c:\windows\install.dat
2009-06-16 02:59 . 2009-06-16 02:59 -------- d-----w- c:\documents and settings\William\Application Data\Malwarebytes
2009-06-16 02:59 . 2009-06-16 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 00:58 . 2009-06-16 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-15 20:20 . 2009-06-15 20:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-15 04:02 . 2009-06-15 04:02 -------- d-----w- c:\program files\Windows Defender
2009-06-14 05:14 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\William\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-14 05:13 . 2009-06-14 05:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-14 05:13 . 2009-06-14 05:13 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-14 05:13 . 2009-06-15 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-14 05:13 . 2009-06-15 20:14 -------- d-----w- c:\program files\NOS
2009-06-12 13:45 . 2009-06-12 13:45 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-12 13:45 . 2009-06-12 13:45 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-12 13:45 . 2009-06-12 13:45 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-12 13:45 . 2009-06-12 13:45 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-10 08:02 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 08:02 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 02:17 . 2008-09-04 20:11 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-10 02:17 . 2009-06-10 02:17 10134 ----a-r- c:\documents and settings\William\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-10 02:17 . 2009-06-10 02:17 -------- d-----w- c:\program files\Microsoft WSE
2009-06-10 01:59 . 2009-06-16 16:16 152576 ----a-w- c:\documents and settings\William\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 21:02 . 2009-06-04 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-04 20:41 . 2009-06-04 20:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-04 20:41 . 2009-06-04 20:41 -------- d-----w- c:\documents and settings\William\Application Data\SystemRequirementsLab
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-04 20:34 . 2009-06-16 18:18 6616 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 19:47 . 2009-06-04 19:47 -------- d-sh--w- c:\documents and settings\William\IECompatCache
2009-06-04 19:46 . 2009-06-04 19:46 -------- d-sh--w- c:\documents and settings\William\PrivacIE
2009-06-04 19:44 . 2009-06-04 19:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-04 19:43 . 2009-06-04 19:43 -------- d-sh--w- c:\documents and settings\William\IETldCache
2009-06-04 19:27 . 2009-06-04 19:54 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-04 19:02 . 2009-06-04 19:02 -------- d-----w- c:\windows\ie8updates
2009-06-04 19:02 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-04 19:01 . 2009-06-04 19:02 -------- dc-h--w- c:\windows\ie8
2009-06-04 18:54 . 2009-06-04 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-04 18:53 . 2009-06-16 19:30 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-06-01 22:56 . 2009-06-01 23:06 227 ----a-w- c:\windows\PowerReg.dat
2009-06-01 22:56 . 2000-01-14 17:42 45568 ----a-w- c:\windows\UniFish3.exe
2009-06-01 22:56 . 2009-06-01 22:56 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-01 22:41 . 2009-06-01 22:41 -------- d-----w- c:\program files\Undisker
2009-06-01 22:39 . 2009-06-01 22:39 -------- d-----w- c:\documents and settings\William\Application Data\Sonic
2009-06-01 22:38 . 2009-06-01 22:38 -------- d-----w- c:\documents and settings\William\Application Data\Leadertech
2009-06-01 22:26 . 2009-06-04 18:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-01 22:25 . 2009-06-04 19:09 -------- d-----w- c:\documents and settings\William\Application Data\DAEMON Tools Pro
2009-06-01 20:05 . 2009-06-01 20:05 281 ----a-w- c:\windows\EReg072.dat
2009-06-01 20:02 . 2009-06-01 20:02 -------- d-----w- c:\program files\Maxis
2009-06-01 20:02 . 1998-01-23 17:22 304128 ----a-w- c:\windows\IsUninst.exe
2009-06-01 20:00 . 2009-06-01 20:00 -------- d-----w- c:\documents and settings\William\WINDOWS
2009-06-01 19:56 . 2009-06-01 19:56 -------- d-----w- c:\windows\NKCCDViewerSetting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 06:25 . 2009-01-04 04:11 -------- d-----w- c:\program files\Steam
2009-06-24 23:49 . 2006-06-23 01:08 -------- d-----w- c:\program files\Modem Helper
2009-06-23 19:48 . 2009-01-04 21:13 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 19:48 . 2009-01-04 21:13 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-17 13:27 . 2009-01-04 03:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 19:30 . 2009-01-12 22:14 -------- d-----w- c:\program files\Xfire
2009-06-16 18:38 . 2009-02-16 21:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 16:18 . 2009-01-04 04:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-16 03:02 . 2009-02-23 23:29 -------- d-----w- c:\program files\LucasArts
2009-06-16 03:02 . 2006-06-23 01:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 01:06 . 2009-03-31 12:08 -------- d-----w- c:\documents and settings\William\Application Data\U3
2009-06-14 05:15 . 2009-01-08 02:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 13:45 . 2009-01-04 03:54 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-10 08:04 . 2009-01-12 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 02:18 . 2009-01-10 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-10 02:17 . 2009-01-10 20:51 -------- d-----w- c:\program files\Electronic Arts
2009-06-10 02:00 . 2006-06-23 01:03 -------- d-----w- c:\program files\Java
2009-06-06 03:42 . 2009-01-11 20:51 -------- d-----w- c:\documents and settings\William\Application Data\AdobeUM
2009-06-04 18:50 . 2006-06-23 01:16 -------- d-----w- c:\program files\Google
2009-05-29 07:00 . 2009-05-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\16471094
2009-05-29 07:00 . 2009-05-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\96481086
2009-05-19 14:31 . 2009-01-04 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-19 14:31 . 2009-01-04 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-19 01:44 . 2009-01-10 21:19 -------- d-----w- c:\documents and settings\William\Application Data\SPORE
2009-05-18 23:45 . 2009-01-10 21:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-13 05:15 . 2005-08-16 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 11:54 . 2009-01-04 03:02 36544 ----a-w- c:\documents and settings\William\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 03:54 . 2009-05-10 03:54 -------- d-----w- c:\documents and settings\William\Application Data\OpenOffice.org
2009-05-10 02:33 . 2009-05-10 02:33 -------- d-----w- c:\program files\JRE
2009-05-10 02:33 . 2009-05-10 02:33 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-09 18:05 . 2009-01-12 22:22 -------- d-----w- c:\documents and settings\William\Application Data\GetRightToGo
2009-05-09 18:03 . 2009-05-09 18:03 -------- d-----w- c:\program files\Microsoft Works
2009-05-09 18:03 . 2009-05-09 18:03 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 15:32 . 2005-08-16 09:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 21:04 . 2009-01-04 18:45 -------- d-----w- c:\program files\EA GAMES
2009-05-01 22:46 . 2009-01-04 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2008-05-16 19:01 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2006-06-23 00:54 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2006-06-23 00:44 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 03:02 . 2006-06-23 00:44 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2006-06-23 00:44 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2006-06-23 00:44 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2005-08-16 09:35 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2005-08-16 09:35 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-27 05:42 . 2009-05-01 22:44 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-17 12:26 . 2005-08-16 09:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 09:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-13 16:23 . 2009-04-13 15:27 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-04-13 15:29 . 2009-04-13 15:29 49152 ----a-r- c:\documents and settings\William\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-04-13 15:28 . 2009-04-13 15:28 335872 ----a-r- c:\documents and settings\William\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-04-13 15:27 . 2006-06-23 01:12 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-04-12 00:53 . 2009-04-12 00:53 1878984 ----a-w- c:\documents and settings\William\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-04-06 21:27 . 2009-04-06 21:27 152576 ----a-w- c:\documents and settings\William\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 21:29 . 2009-04-02 21:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-20 14:49 . 2009-03-20 14:48 109 --sha-w- c:\windows\system32\2095045112.dat
2009-03-17 23:26 . 2009-01-12 14:17 88 --sh--r- c:\windows\system32\975DDA5D8A.sys
2009-03-17 23:26 . 2009-01-12 14:17 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 14:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\eternal-silence\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\synergy\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/3/2009 10:54 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/3/2009 10:54 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/3/2009 10:54 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/3/2009 10:54 PM 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/15/2009 4:13 PM 33792]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458972265-1574099515-794810742-1005.job
- c:\documents and settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-15 01:51]

2009-06-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{2FB13265-F467-4344-B9F0-B58969B530E2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ClearAllHistory - c:\program files\ClearAllHistory\cah.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\William\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-458972265-1574099515-794810742-1005\Software\SecuROM\License information*]
"datasecu"=hex:59,af,d2,c5,de,3b,83,4e,2f,ff,b5,81,1b,bd,11,d6,2f,e9,7f,70,df,
a7,7b,bf,51,1c,6d,b9,ba,e5,cc,d9,55,4e,5d,e0,da,ae,44,06,43,42,a0,99,4e,b2,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
Completion time: 2009-06-30 19:25
ComboFix-quarantined-files.txt 2009-06-30 00:25

Pre-Run: 140,352,851,968 bytes free
Post-Run: 140,999,593,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

299 --- E O F --- 2009-06-26 03:16

Edited by Will S., 29 June 2009 - 11:35 PM.


#6 PropagandaPanda

  • Malware Response Team

Posted 30 June 2009 - 09:02 AM

Hello Will S.

Do you know where this folder came from?
c:\program files\ComboFix

ComboFix does not install itself there.

Backdoor Threat
I'm sorry to say that your computer was infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise you to change any passwords for any accounts that you have accessed with the infected computer, using a clean computer, ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding the prevention of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    File::
    c:\windows\system32\SKYNET.dat
    
    DirLook::
    c:\program files\ComboFix
    c:\documents and settings\William\WINDOWS
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

F-Secure Online Scan
Please run F-Secure Online Scanner.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

With Regards,
The Panda

#7 Will S.


Posted 30 June 2009 - 05:45 PM

The ComboFix folder was something another user on this computer. They just took ComboFix and made a folder for it under Program Files. I have deleted it since then.

Thank you for the help, the browser problem has gone away.

F-Secure

Scanning Report
Tuesday, June 30, 2009 16:13:48 - 17:38:29
Computer name: XPS
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

3 malware found
TrackingCookie.2o7 (spyware)
System (Disinfected)
Trojan-Downloader:W32/Fakerean.gen!A (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0023230.EXE (Renamed & Submitted)
Trojan:INI/Vundo.gen!F (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP124\A0019291.INI (Disinfected & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 64921
System: 3601
Not scanned: 9
Actions:
Disinfected: 2
Renamed: 1
Deleted: 0
Not cleaned: 0
Submitted: 2
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\WILLIAM\LOCAL SETTINGS\TEMP\ETILQS_6PJFSJ398D6ZADN5XYCX
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2009 Product support | Send virus sample to F-Secure

Edited by Will S., 30 June 2009 - 05:45 PM.


#8 PropagandaPanda


Posted 01 July 2009 - 09:10 AM

Hello.

Please run the CFScript anyway. I wanted to look at the WINDOWS folder under the user profile and remove a leftover file.

With Regards,
The Panda

#9 Will S.


Posted 01 July 2009 - 02:11 PM

ComboFix log

ComboFix 09-07-01.01 - William 07/01/2009 14:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2513 [GMT -5:00]
Running from: c:\documents and settings\William\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\William\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\SKYNET.dat"
.

((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-06-30 02:29 . 2009-06-30 02:29 1 ----a-w- c:\documents and settings\William\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-28 02:48 . 2009-06-28 02:48 -------- d--h--w- c:\windows\PIF
2009-06-25 13:42 . 2009-06-17 13:27 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-23 19:48 . 2009-06-23 19:48 139152 ----a-w- c:\documents and settings\William\Application Data\PnkBstrK.sys
2009-06-23 19:48 . 2009-06-23 19:48 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-23 19:46 . 2009-05-15 20:32 1283448 ----a-w- c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-23 19:46 . 2009-05-15 20:32 729088 ----a-w- c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-22 18:58 . 2009-06-22 18:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-22 18:46 . 2009-06-22 18:56 -------- d-----w- c:\windows\BDOSCAN8
2009-06-20 16:46 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 16:46 . 2009-06-20 16:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 16:46 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 17:52 . 2009-06-18 17:52 -------- d-----w- c:\program files\Trend Micro
2009-06-16 18:35 . 2009-06-18 17:51 -------- d-----w- c:\program files\True Sword 5
2009-06-16 16:14 . 2009-06-16 16:15 -------- d-----w- c:\documents and settings\William\.SunDownloadManager
2009-06-16 04:42 . 2009-06-16 18:35 -------- d-----w- c:\program files\Lavasoft
2009-06-16 04:42 . 2009-06-16 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-16 03:59 . 2009-06-16 03:59 -------- d-----w- c:\program files\MSSOAP
2009-06-16 03:58 . 2009-06-16 03:58 -------- d-----w- c:\program files\Webroot
2009-06-16 03:57 . 2009-06-16 03:57 164 ----a-w- c:\windows\install.dat
2009-06-16 02:59 . 2009-06-16 02:59 -------- d-----w- c:\documents and settings\William\Application Data\Malwarebytes
2009-06-16 02:59 . 2009-06-16 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 00:58 . 2009-06-16 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-15 20:20 . 2009-06-15 20:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-15 04:02 . 2009-06-15 04:02 -------- d-----w- c:\program files\Windows Defender
2009-06-14 05:14 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\William\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-14 05:13 . 2009-06-14 05:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-14 05:13 . 2009-06-14 05:13 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-14 05:13 . 2009-06-15 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-14 05:13 . 2009-06-15 20:14 -------- d-----w- c:\program files\NOS
2009-06-12 13:45 . 2009-06-12 13:45 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-12 13:45 . 2009-06-12 13:45 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-12 13:45 . 2009-06-12 13:45 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-12 13:45 . 2009-06-12 13:45 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-10 08:02 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 08:02 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 02:17 . 2008-09-04 20:11 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-10 02:17 . 2009-06-10 02:17 10134 ----a-r- c:\documents and settings\William\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-10 02:17 . 2009-06-10 02:17 -------- d-----w- c:\program files\Microsoft WSE
2009-06-10 01:59 . 2009-06-16 16:16 152576 ----a-w- c:\documents and settings\William\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 21:02 . 2009-06-04 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-04 20:41 . 2009-06-04 20:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-04 20:41 . 2009-06-04 20:41 -------- d-----w- c:\documents and settings\William\Application Data\SystemRequirementsLab
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-04 20:41 . 2009-06-04 20:41 290816 ----a-w- c:\documents and settings\William\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-04 20:34 . 2009-06-16 18:18 6616 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 19:47 . 2009-06-04 19:47 -------- d-sh--w- c:\documents and settings\William\IECompatCache
2009-06-04 19:46 . 2009-06-04 19:46 -------- d-sh--w- c:\documents and settings\William\PrivacIE
2009-06-04 19:44 . 2009-06-04 19:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-04 19:43 . 2009-06-04 19:43 -------- d-sh--w- c:\documents and settings\William\IETldCache
2009-06-04 19:27 . 2009-06-04 19:54 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-04 19:02 . 2009-06-04 19:02 -------- d-----w- c:\windows\ie8updates
2009-06-04 19:02 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-04 19:01 . 2009-06-04 19:02 -------- dc-h--w- c:\windows\ie8
2009-06-04 18:54 . 2009-06-04 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-04 18:53 . 2009-06-16 19:30 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-06-01 22:56 . 2009-06-01 23:06 227 ----a-w- c:\windows\PowerReg.dat
2009-06-01 22:56 . 2000-01-14 17:42 45568 ----a-w- c:\windows\UniFish3.exe
2009-06-01 22:56 . 2009-06-01 22:56 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-01 22:41 . 2009-06-01 22:41 -------- d-----w- c:\program files\Undisker
2009-06-01 22:39 . 2009-06-01 22:39 -------- d-----w- c:\documents and settings\William\Application Data\Sonic
2009-06-01 22:38 . 2009-06-01 22:38 -------- d-----w- c:\documents and settings\William\Application Data\Leadertech
2009-06-01 22:26 . 2009-06-04 18:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-01 22:25 . 2009-06-04 19:09 -------- d-----w- c:\documents and settings\William\Application Data\DAEMON Tools Pro
2009-06-01 20:05 . 2009-06-01 20:05 281 ----a-w- c:\windows\EReg072.dat
2009-06-01 20:02 . 2009-06-01 20:02 -------- d-----w- c:\program files\Maxis
2009-06-01 20:02 . 1998-01-23 17:22 304128 ----a-w- c:\windows\IsUninst.exe
2009-06-01 20:00 . 2009-06-01 20:00 -------- d-----w- c:\documents and settings\William\WINDOWS
2009-06-01 19:56 . 2009-06-01 19:56 -------- d-----w- c:\windows\NKCCDViewerSetting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 05:13 . 2009-01-04 21:13 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-01 04:30 . 2009-01-04 21:13 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-01 03:09 . 2009-01-04 04:11 -------- d-----w- c:\program files\Steam
2009-06-24 23:49 . 2006-06-23 01:08 -------- d-----w- c:\program files\Modem Helper
2009-06-17 13:27 . 2009-01-04 03:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 19:30 . 2009-01-12 22:14 -------- d-----w- c:\program files\Xfire
2009-06-16 18:38 . 2009-02-16 21:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 16:18 . 2009-01-04 04:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-16 03:02 . 2009-02-23 23:29 -------- d-----w- c:\program files\LucasArts
2009-06-16 03:02 . 2006-06-23 01:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 01:06 . 2009-03-31 12:08 -------- d-----w- c:\documents and settings\William\Application Data\U3
2009-06-14 05:15 . 2009-01-08 02:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 13:45 . 2009-01-04 03:54 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-10 08:04 . 2009-01-12 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 02:18 . 2009-01-10 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-10 02:17 . 2009-01-10 20:51 -------- d-----w- c:\program files\Electronic Arts
2009-06-10 02:00 . 2006-06-23 01:03 -------- d-----w- c:\program files\Java
2009-06-06 03:42 . 2009-01-11 20:51 -------- d-----w- c:\documents and settings\William\Application Data\AdobeUM
2009-06-04 18:50 . 2006-06-23 01:16 -------- d-----w- c:\program files\Google
2009-05-29 07:00 . 2009-05-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\16471094
2009-05-29 07:00 . 2009-05-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\96481086
2009-05-19 14:31 . 2009-01-04 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-19 14:31 . 2009-01-04 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-19 01:44 . 2009-01-10 21:19 -------- d-----w- c:\documents and settings\William\Application Data\SPORE
2009-05-18 23:45 . 2009-01-10 21:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-13 05:15 . 2005-08-16 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 11:54 . 2009-01-04 03:02 36544 ----a-w- c:\documents and settings\William\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 03:54 . 2009-05-10 03:54 -------- d-----w- c:\documents and settings\William\Application Data\OpenOffice.org
2009-05-10 02:33 . 2009-05-10 02:33 -------- d-----w- c:\program files\JRE
2009-05-10 02:33 . 2009-05-10 02:33 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-09 18:05 . 2009-01-12 22:22 -------- d-----w- c:\documents and settings\William\Application Data\GetRightToGo
2009-05-09 18:03 . 2009-05-09 18:03 -------- d-----w- c:\program files\Microsoft Works
2009-05-09 18:03 . 2009-05-09 18:03 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 15:32 . 2005-08-16 09:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 21:04 . 2009-01-04 18:45 -------- d-----w- c:\program files\EA GAMES
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2008-05-16 19:01 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2006-06-23 00:54 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2006-06-23 00:44 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 03:02 . 2006-06-23 00:44 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2006-06-23 00:44 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2006-06-23 00:44 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2005-08-16 09:35 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2005-08-16 09:35 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-27 05:42 . 2009-05-01 22:44 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-17 12:26 . 2005-08-16 09:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 09:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-13 16:23 . 2009-04-13 15:27 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-04-13 15:29 . 2009-04-13 15:29 49152 ----a-r- c:\documents and settings\William\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-04-13 15:28 . 2009-04-13 15:28 335872 ----a-r- c:\documents and settings\William\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-04-13 15:27 . 2006-06-23 01:12 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-04-12 00:53 . 2009-04-12 00:53 1878984 ----a-w- c:\documents and settings\William\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-04-06 21:27 . 2009-04-06 21:27 152576 ----a-w- c:\documents and settings\William\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 21:29 . 2009-04-02 21:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-20 14:49 . 2009-03-20 14:48 109 --sha-w- c:\windows\system32\2095045112.dat
2009-03-17 23:26 . 2009-01-12 14:17 88 --sh--r- c:\windows\system32\975DDA5D8A.sys
2009-03-17 23:26 . 2009-01-12 14:17 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\William\WINDOWS ----


---- Directory of c:\program files\ComboFix ----



((((((((((((((((((((((((((((( SnapShot@2009-06-30_00.24.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-01 11:15 . 2009-07-01 11:15 16384 c:\windows\Temp\Perflib_Perfdata_ed4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 14:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\eternal-silence\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\greedonevershot\\synergy\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/3/2009 10:54 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/3/2009 10:54 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/3/2009 10:54 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/3/2009 10:54 PM 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/15/2009 4:13 PM 33792]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458972265-1574099515-794810742-1005Core.job
- c:\documents and settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-15 01:51]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458972265-1574099515-794810742-1005UA.job
- c:\documents and settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-15 01:51]

2009-07-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-07-01 c:\windows\Tasks\User_Feed_Synchronization-{2FB13265-F467-4344-B9F0-B58969B530E2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\6622set1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\William\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 14:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-458972265-1574099515-794810742-1005\Software\SecuROM\License information*]
"datasecu"=hex:59,af,d2,c5,de,3b,83,4e,2f,ff,b5,81,1b,bd,11,d6,2f,e9,7f,70,df,
a7,7b,bf,51,1c,6d,b9,ba,e5,cc,d9,55,4e,5d,e0,da,ae,44,06,43,42,a0,99,4e,b2,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\System32\DLA\DLASHX_W.DLL
c:\windows\system32\DLAAPI_W.DLL
c:\windows\System32\DLA\DLACResW.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-07-01 14:10
ComboFix-quarantined-files.txt 2009-07-01 19:10
ComboFix2.txt 2009-06-30 20:10
ComboFix3.txt 2009-06-30 00:25

Pre-Run: 140,043,874,304 bytes free
Post-Run: 140,210,716,672 bytes free

302 --- E O F --- 2009-06-26 03:16

#10 PropagandaPanda


Posted 01 July 2009 - 05:05 PM

Hello.

Looks good. However, I would like to see a new set of DDS logs before we wrap up. The uninstall list wasn't produced last time for some reason.

With Regards,
The Panda

#11 Will S.


Posted 02 July 2009 - 04:17 PM

Thank you for all of your help.

DDS (Ver_09-06-26.01) - NTFSx86
Run by William at 16:14:41.12 on Thu 07/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2719 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\William\Desktop\Here\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\william\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Nikon Transfer Monitor] "c:\program files\common files\nikon\monitor\NkMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\william\applic~1\mozilla\firefox\profiles\6622set1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\william\application data\mozilla\firefox\profiles\6622set1.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\william\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-3 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-3 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-3 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-3 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-3 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-4-15 33792]

=============== Created Last 30 ================

2009-06-29 19:24 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-29 19:07 <DIR> a-dshr-- C:\cmdcons
2009-06-29 19:05 161,792 a------- c:\windows\SWREG.exe
2009-06-29 19:05 155,136 a------- c:\windows\PEV.exe
2009-06-29 19:05 98,816 a------- c:\windows\sed.exe
2009-06-27 21:48 <DIR> --d-h--- c:\windows\PIF
2009-06-23 14:48 139,152 a------- c:\docume~1\william\applic~1\PnkBstrK.sys
2009-06-23 14:48 794,408 a------- c:\windows\system32\pbsvc.exe
2009-06-20 11:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 11:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-20 11:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 12:52 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 13:35 <DIR> --d----- c:\program files\True Sword 5
2009-06-16 11:18 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-16 11:14 <DIR> --d----- c:\documents and settings\william\.SunDownloadManager
2009-06-15 23:42 <DIR> --d----- c:\program files\Lavasoft
2009-06-15 22:59 <DIR> --d----- c:\program files\MSSOAP
2009-06-15 22:58 <DIR> --d----- c:\program files\Webroot
2009-06-15 22:57 164 a------- c:\windows\install.dat
2009-06-15 21:59 <DIR> --d----- c:\docume~1\william\applic~1\Malwarebytes
2009-06-15 21:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-15 19:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-10 03:02 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 03:02 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 21:17 447,752 a----r-- c:\windows\system32\vp6vfw.dll
2009-06-09 21:17 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-04 15:41 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-06-04 15:34 6,616 a------- c:\windows\system32\d3d9caps.dat
2009-06-04 15:33 174,210 a------- c:\windows\system32\nvapps.xml
2009-06-04 14:47 <DIR> --dsh--- c:\documents and settings\william\IECompatCache
2009-06-04 14:46 <DIR> --dsh--- c:\documents and settings\william\PrivacIE
2009-06-04 14:43 <DIR> --dsh--- c:\documents and settings\william\IETldCache
2009-06-04 14:27 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-06-04 14:02 <DIR> --d----- c:\windows\ie8updates
2009-06-04 14:02 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-04 14:01 <DIR> -cd-h--- c:\windows\ie8
2009-06-04 13:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-06-04 13:53 <DIR> --d----- c:\program files\DAEMON Tools Pro

==================== Find3M ====================

2009-07-02 15:42 139,016 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-02 15:42 189,488 a------- c:\windows\system32\PnkBstrB.exe
2009-06-16 11:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-12 08:45 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 13:42 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-19 09:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-19 09:31 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 18:45 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-13 00:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 8,055,584 a------- c:\windows\system32\dllcache\nv4_mini.sys
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-30 16:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 16:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 16:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 16:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 16:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 06:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 09:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-13 11:23 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-04-13 10:27 106,496 a------- c:\windows\system32\ATL71.DLL
2006-01-20 14:06 4,489,216 a------- c:\docume~1\alluse~1\applic~1\EAW Deathstar.scr
2009-03-20 09:49 109 a--sh--- c:\windows\system32\2095045112.dat
2009-03-17 18:26 88 ---shr-- c:\windows\system32\975DDA5D8A.sys
2009-03-17 18:26 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:15:09.75 ===============

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:56 AM

Posted 02 July 2009 - 04:51 PM

Hello.

Please include the Attach.txt.

With Regards,
The Panda

#13 Will S.

Will S.
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 04 July 2009 - 03:12 PM

Alright... here it is.

Attached Files



#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:56 AM

Posted 04 July 2009 - 03:31 PM

Hello Will.

DDS seems to be having some trouble enumerating the installed programs.

Please post this file:
c:\Qoobox\Add-Remove Programs.txt

With Regards,
The Panda

#15 Will S.

Will S.
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 04 July 2009 - 05:34 PM

Here you are.


32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
Age of Chivalry
AIO_Scan
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
AVG Free 8.5
Battlefield 2: Deluxe Edition
Battlefield Heroes
BF2 Editor
BF2:Sandbox
Bf2SF64 v1.0
Bonjour
BufferChm
C4200
c4200_Help
Camtasia Studio 6
Conexant D850 56K V.9x DFVc Modem
Consumer Complete Care Services Agreement
Copy
Counter-Strike: Source
CustomerResearchQFolder
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Destinations
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DocProc
DocProcQFolder
Documentation & Support Launcher
EA Download Manager
EarthLink setup files
EducateU
ELIcon
ESPNMotion
eSupportQFolder
Eternal Silence
File Uploader
FOCMapEditor
Garry's Mod
GemMaster Mystic
Google Chrome
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Insurgency
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Intel® Quick Resume Technology Drivers
Intel® Viiv™
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 14
Learn2 Player (Uninstall Only)
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Modem Helper
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Mumble and Murmur
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Nikon Message Center
Nikon Transfer
NVIDIA Drivers
OpenOffice.org 3.1
Otto
Project Reality 0856 Core
Project Reality 0856 Levels
Project Reality 0860 Patch
Project Reality SP 0.85 Core
Project Reality SP 0.85 Mappack 1
Project64 1.6
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PunkBuster Services
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
Roll
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Sandbox
Scan
Search Assist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SimCity 3000
SolutionCenter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Source SDK
Source SDK Base
SPORE™
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Status
Steam
System Requirements Lab
TeamSpeak 2 RC2
The Sims™ 3
Toolbox
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Office 2007 (KB934391)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)



