
getting redirected from yahoo and google searches


7 replies to this topic

#1 tattoogall

tattoogall

  • Members
  • 4 posts

Posted 06 July 2009 - 10:11 AM

I have tried just about everything to fix this with no success. Every time I try to do a search on Yahoo or Google it redirects me somewhere else. Any help would be appreciated.


DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 8:59:07.14 on 06/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.511.162 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\supper.scr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.qfjlicusplnkq.org/VPaH7K_IALt4kapeu5Ciz19Cwu6aA7PPR6qoXJuCIpkXFNZoy1b0OV0yANj5CnmJ.jsp
uSearch Page =
mStart Page =
mSearch Page =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\CurrentLogon.EXE
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - Windows Live Sign-in Helper
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~2\tools\iesdpb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {D8073790-84C7-4602-BF77-C6ACBF1612E4} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\supper.scr.exe
mRun: [<NO NAME>] c:\windows\options\OEMReset.exe /Audit
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [D-Link RangeBooster G WUA-2340] c:\program files\d-link\rangebooster g wua-2340\AirPlusCFG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\access~1\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~2\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\hvnlbzrc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298776]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S0 redie;redie;c:\windows\system32\drivers\icoduqt.sys --> c:\windows\system32\drivers\Icoduqt.sys [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-25 347648]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-7-25 43392]

=============== Created Last 30 ================

2009-07-05 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-05 16:20 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-05 16:20 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-07-05 12:47 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-07-05 12:45 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 12:45 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 12:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 12:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-05 12:15 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-26 19:46 <DIR> --d----- c:\program files\Bazooka Scanner
2009-06-16 15:42 86,094 a------- c:\windows\system32\ImageDrive.cpl
2009-06-12 15:52 268 a---h--- C:\sqmdata17.sqm
2009-06-12 15:52 244 a---h--- C:\sqmnoopt17.sqm

==================== Find3M ====================

2009-07-02 08:26 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 08:26 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-05 19:04 16,798 a------- c:\docume~1\user\applic~1\wklnhst.dat
2009-05-07 09:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-01 12:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-28 22:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 22:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 03:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 09:26 583,168 a------- c:\windows\system32\rpcrt4.dll
2008-12-14 11:21 87,608 a------- c:\docume~1\user\applic~1\ezpinst.exe
2008-12-14 11:21 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
2007-07-03 22:41 476,752 a------- c:\docume~1\alluse~1\applic~1\pswi_preloaded.exe
2006-10-16 09:21 139,648 a------- c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT
2005-04-07 21:09 320 a---h--- c:\documents and settings\user\hpothb07.dat
2032-05-15 10:07 1,537 a--sh--- c:\windows\page files\maxmeg.sys
2007-07-03 22:44 168 ---shr-- c:\windows\system32\4D0DF2E456.sys
2007-06-15 17:47 168 ---shr-- c:\windows\system32\BB13FAE0E7.sys
2007-07-03 22:44 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 8:59:43.78 ===============



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 09 July 2009 - 01:12 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

------------------------------------------------------------------------------------------------------------------

NOTE: IMPORTANT! To other lurkers who see this topic, if you ever want to use ComboFix, please have a look at the tutorial below.. You have been warned!

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 tattoogall

tattoogall
  • Topic Starter

  • Members
  • 4 posts

Posted 15 July 2009 - 12:29 PM

Sorry for the delayed reply; I just moved and it took me a bit to get the internet up. I downloaded ComboFix, then clicked to run it, but nothing has happened since. No blue screen saying it's preparing to run. Is there something else I can do?

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 15 July 2009 - 05:52 PM

Rename it to abc and try to run it.. If it fails, delete your version and download a fresh one from any of the links above.. Rename it again to something else such as zyx and then run it.. Post the log here.. If it still can't run, please tell me.. We'll do another route..



#5 tattoogall

tattoogall
  • Topic Starter

  • Members
  • 4 posts

Posted 16 July 2009 - 11:23 AM

ComboFix 09-07-14.08 - User 16/07/2009 9:05.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.511.156 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\abc.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3133978997-2650805779-3784137826-1003
c:\recycler\S-1-5-21-4083798302-572454927-963639892-1003
c:\recycler\S-1-5-21-448486026-995690780-1244716356-1003
c:\recycler\S-1-5-21-773119264-2650805779-3784137826-1005
c:\recycler\S-1-5-21-840360825-4217759621-2681017343-1003
c:\recycler\S-1-5-21-877864702-3000887322-1647371527-1003
c:\windows\Installer\1031040e.msp
c:\windows\Installer\150b9f5.msp
c:\windows\Installer\150b9f8.msp
c:\windows\Installer\19aa94.msp
c:\windows\Installer\19aa97.msp
c:\windows\Installer\1d99c.msp
c:\windows\Installer\1d99f.msp
c:\windows\Installer\2151c95.msi
c:\windows\Installer\2230025.msp
c:\windows\Installer\2230028.msp
c:\windows\Installer\29385f.msp
c:\windows\Installer\29574e6.msp
c:\windows\Installer\36218d.msp
c:\windows\Installer\362190.msp
c:\windows\Installer\381bc.msp
c:\windows\Installer\381bf.msp
c:\windows\Installer\48275dd.msp
c:\windows\Installer\48275fd.msp
c:\windows\Installer\507d4.msp
c:\windows\Installer\507d7.msp
c:\windows\Installer\55c0f69.msp
c:\windows\Installer\55c0f6c.msp
c:\windows\Installer\5996d.msp
c:\windows\Installer\59970.msp
c:\windows\Installer\6164ce9.msp
c:\windows\Installer\6262eb.msp
c:\windows\Installer\6262ee.msp
c:\windows\Installer\6bbedc78.msp
c:\windows\Installer\6bbedc7b.msp
c:\windows\Installer\6cbfee.msp
c:\windows\Installer\6cc020.msp
c:\windows\Installer\71cd06.msp
c:\windows\Installer\71cd09.msp
c:\windows\Installer\73f800.msp
c:\windows\Installer\73f803.msp
c:\windows\Installer\77db92.msp
c:\windows\Installer\77db95.msp
c:\windows\Installer\827b1dd.msp
c:\windows\Installer\948383.msp
c:\windows\Installer\948386.msp
c:\windows\Installer\a8c979.msp
c:\windows\Installer\a8c97c.msp
c:\windows\Installer\ad8d182.msp
c:\windows\Installer\b26ec6.msp
c:\windows\Installer\b26ec9.msp
c:\windows\Installer\df001.msp
c:\windows\Installer\df02f.msp
c:\windows\msvrc20.dll
c:\windows\patch.exe
c:\windows\system32\drivers\MSIVXlvawsmaritcqdscecubbmnjohbsivuqh.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXkqmdxuttdrjnsbllflqkxvsinmndpfns.dll
c:\windows\system32\MSIVXvsnwegalaaufkinrqaqmnmbxxuxolajq.dll
c:\windows\system32\open.ico
c:\windows\system32\Ultra.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 05:08 . 2009-07-16 05:08 -------- d-----w- c:\program files\MSXML 6.0
2009-07-15 02:30 . 2009-07-15 02:30 -------- d-----w- c:\program files\Pure Networks
2009-07-15 02:30 . 2008-12-13 00:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-07-15 02:29 . 2008-12-13 00:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-07-15 02:29 . 2009-07-15 02:29 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-07-15 02:28 . 2009-02-03 00:23 30418224 ----a-r- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2009-07-14 20:14 . 2009-07-14 20:14 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Linksys_LLC_-_A_Division_
2009-07-14 20:13 . 2009-07-14 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-07-14 17:31 . 2009-07-14 17:31 -------- d-----w- c:\program files\WebEx
2009-07-14 17:30 . 2009-07-14 17:30 -------- d-----w- c:\program files\MSBuild
2009-07-14 17:30 . 2009-07-15 05:10 2352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-14 17:23 . 2009-07-14 17:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-14 17:20 . 2009-07-14 17:20 -------- d-----w- c:\program files\Reference Assemblies
2009-07-14 17:19 . 2006-06-29 19:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-14 16:59 . 2009-07-14 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-07-14 16:57 . 2009-07-15 02:33 -------- d-----w- c:\program files\Linksys
2009-07-05 22:21 . 2009-07-16 14:33 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-05 22:21 . 2009-07-05 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-05 22:20 . 2009-07-05 22:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-05 22:20 . 2009-07-05 22:20 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2009-07-05 18:47 . 2009-07-05 18:47 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-05 18:45 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 18:45 . 2009-07-05 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-05 18:45 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 18:15 . 2009-07-05 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 18:15 . 2009-07-05 18:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-27 01:46 . 2009-06-27 01:46 -------- d-----w- c:\program files\Bazooka Scanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 04:42 . 2004-08-17 16:44 139176 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 02:36 . 2009-05-05 17:18 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-07-15 02:30 . 2009-07-15 02:30 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-07-15 02:23 . 2009-07-15 02:23 3 ----a-w- c:\program files\option.txt
2009-07-06 14:44 . 2005-03-12 01:20 -------- d-----w- c:\program files\Typograf
2009-07-05 22:19 . 2004-06-16 15:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-04 00:53 . 2007-02-06 01:37 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-02 14:26 . 2009-04-10 21:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 14:26 . 2009-04-10 21:51 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 14:26 . 2009-04-10 21:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 03:03 . 2005-02-07 00:32 -------- d-----w- c:\program files\TrojanHunter 4.1
2009-06-26 21:34 . 2004-08-14 17:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-26 21:24 . 2004-09-03 21:27 -------- d-----w- c:\program files\PcBugDoctor
2009-06-19 17:26 . 2009-02-11 00:11 -------- d-----w- c:\program files\limewire
2009-06-16 14:55 . 2003-04-23 22:02 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2003-04-23 22:01 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-06 01:04 . 2004-05-26 20:19 16798 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
2009-06-05 23:18 . 2004-06-05 15:41 -------- d-----w- c:\program files\Microsoft Games
2009-06-03 19:27 . 2003-05-30 17:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 02:49 . 2009-06-02 02:49 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-06-02 02:49 . 2009-06-02 02:49 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-07 15:44 . 2003-04-23 22:01 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 15:52 . 2009-04-10 21:51 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:56 . 2004-02-07 01:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-21 23:51 . 2008-10-22 23:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-07-04 04:44 . 2007-03-13 03:15 168 --sh--r- c:\windows\system32\4D0DF2E456.sys
2007-06-15 23:47 . 2007-02-05 13:39 168 --sh--r- c:\windows\system32\BB13FAE0E7.sys
2007-07-04 04:44 . 2007-02-05 02:49 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2004-08-26 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-05-10 1310720]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-11 1937408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\supper.scr.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-05 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2006-09-01 1880064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]

c:\documents and settings\User\Start Menu\Programs\Accessories\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 14:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 2:51 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 2:51 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 10:01 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/04/2009 2:51 PM 298776]
S0 redie;redie;c:\windows\system32\drivers\Icoduqt.sys --> c:\windows\system32\drivers\Icoduqt.sys [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [25/07/2005 10:32 PM 347648]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [25/07/2005 10:35 PM 43392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 10:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9F81D88C-C298-9935-C5D1-40AA4DB91155}]
c:\windows\system32\msnmsgn.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-03-31 23:00]

2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\hvnlbzrc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 09:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2529006832-516276246-1282138258-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-2529006832-516276246-1282138258-1006\Software\Zepter Software\RegLib*e0c3157e\AnyDVD/1]
"1"=dword:444fd090
"2"=dword:44bbcddf
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-16 9:15
ComboFix-quarantined-files.txt 2009-07-16 16:15

Pre-Run: 109,630,746,624 bytes free
Post-Run: 109,651,214,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (bootscreen)" /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

270 --- E O F --- 2009-07-16 05:08






DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 9:17:42.54 on 16/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.511.150 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\CurrentLogon.EXE
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - Windows Live Sign-in Helper
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~2\tools\iesdpb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {D8073790-84C7-4602-BF77-C6ACBF1612E4} - No File
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\supper.scr.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [D-Link RangeBooster G WUA-2340] c:\program files\d-link\rangebooster g wua-2340\AirPlusCFG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
StartupFolder: c:\docume~1\user\startm~1\programs\access~1\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~2\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\hvnlbzrc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298776]
S0 redie;redie;c:\windows\system32\drivers\icoduqt.sys --> c:\windows\system32\drivers\Icoduqt.sys [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-25 347648]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-7-25 43392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-16 09:14 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-16 08:56 <DIR> a-dshr-- C:\cmdcons
2009-07-16 08:52 219,648 a------- c:\windows\PEV.exe
2009-07-16 08:52 161,792 a------- c:\windows\SWREG.exe
2009-07-16 08:52 98,816 a------- c:\windows\sed.exe
2009-07-15 22:08 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-14 19:30 <DIR> --d----- c:\program files\Pure Networks
2009-07-14 19:30 23,984 a------- c:\windows\system32\drivers\pnarp.sys
2009-07-14 19:29 25,264 a------- c:\windows\system32\drivers\purendis.sys
2009-07-14 19:29 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-07-14 13:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Linksys
2009-07-14 10:31 <DIR> --d----- c:\program files\WebEx
2009-07-14 10:23 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-14 10:19 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-14 09:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-07-14 09:57 <DIR> --d----- c:\program files\Linksys
2009-07-05 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-05 15:20 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-05 15:20 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-07-05 11:47 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-07-05 11:45 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 11:45 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 11:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 11:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-05 11:15 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-26 18:46 <DIR> --d----- c:\program files\Bazooka Scanner
2009-06-16 14:42 86,094 a------- c:\windows\system32\ImageDrive.cpl

==================== Find3M ====================

2009-07-14 19:23 3 a------- c:\program files\option.txt
2009-07-02 07:26 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 07:26 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-05 18:04 16,798 a------- c:\docume~1\user\applic~1\wklnhst.dat
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2008-12-14 10:21 87,608 a------- c:\docume~1\user\applic~1\ezpinst.exe
2008-12-14 10:21 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
2007-07-03 21:41 476,752 a------- c:\docume~1\alluse~1\applic~1\pswi_preloaded.exe
2006-10-16 08:21 139,648 a------- c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT
2005-04-07 20:09 320 a---h--- c:\documents and settings\user\hpothb07.dat
2032-05-15 09:07 1,537 a--sh--- c:\windows\page files\maxmeg.sys
2007-07-03 21:44 168 ---shr-- c:\windows\system32\4D0DF2E456.sys
2007-06-15 16:47 168 ---shr-- c:\windows\system32\BB13FAE0E7.sys
2007-07-03 21:44 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 9:18:05.22 ===============




#6 fenzodahl512


  • Members
  • 6,738 posts

Posted 16 July 2009 - 11:41 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
redie

File::
c:\windows\system32\drivers\Icoduqt.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 tattoogall

  • Topic Starter

  • Members
  • 4 posts

Posted 16 July 2009 - 03:41 PM

ComboFix 09-07-14.08 - User 16/07/2009 13:13.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.511.234 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\abc.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\Icoduqt.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_redie


((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 05:08 . 2009-07-16 05:08 -------- d-----w- c:\program files\MSXML 6.0
2009-07-15 02:30 . 2009-07-15 02:30 -------- d-----w- c:\program files\Pure Networks
2009-07-15 02:30 . 2008-12-13 00:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-07-15 02:29 . 2008-12-13 00:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-07-15 02:29 . 2009-07-15 02:29 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-07-15 02:28 . 2009-02-03 00:23 30418224 ----a-r- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2009-07-14 20:14 . 2009-07-14 20:14 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Linksys_LLC_-_A_Division_
2009-07-14 20:13 . 2009-07-14 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-07-14 17:31 . 2009-07-14 17:31 -------- d-----w- c:\program files\WebEx
2009-07-14 17:30 . 2009-07-14 17:30 -------- d-----w- c:\program files\MSBuild
2009-07-14 17:30 . 2009-07-15 05:10 2352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-14 17:23 . 2009-07-14 17:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-14 17:20 . 2009-07-14 17:20 -------- d-----w- c:\program files\Reference Assemblies
2009-07-14 17:19 . 2006-06-29 19:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-14 16:59 . 2009-07-14 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-07-14 16:57 . 2009-07-15 02:33 -------- d-----w- c:\program files\Linksys
2009-07-05 22:21 . 2009-07-16 20:21 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-05 22:21 . 2009-07-05 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-05 22:20 . 2009-07-05 22:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-05 22:20 . 2009-07-05 22:20 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2009-07-05 18:47 . 2009-07-05 18:47 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-05 18:45 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 18:45 . 2009-07-05 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-05 18:45 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 18:15 . 2009-07-05 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 18:15 . 2009-07-05 18:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-27 01:46 . 2009-06-27 01:46 -------- d-----w- c:\program files\Bazooka Scanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 04:42 . 2004-08-17 16:44 139176 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 02:36 . 2009-05-05 17:18 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-07-15 02:30 . 2009-07-15 02:30 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-07-15 02:23 . 2009-07-15 02:23 3 ----a-w- c:\program files\option.txt
2009-07-06 14:44 . 2005-03-12 01:20 -------- d-----w- c:\program files\Typograf
2009-07-05 22:19 . 2004-06-16 15:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-04 00:53 . 2007-02-06 01:37 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-02 14:26 . 2009-04-10 21:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 14:26 . 2009-04-10 21:51 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 14:26 . 2009-04-10 21:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 03:03 . 2005-02-07 00:32 -------- d-----w- c:\program files\TrojanHunter 4.1
2009-06-26 21:34 . 2004-08-14 17:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-26 21:24 . 2004-09-03 21:27 -------- d-----w- c:\program files\PcBugDoctor
2009-06-19 17:26 . 2009-02-11 00:11 -------- d-----w- c:\program files\limewire
2009-06-16 14:55 . 2003-04-23 22:02 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2003-04-23 22:01 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-06 01:04 . 2004-05-26 20:19 16798 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
2009-06-05 23:18 . 2004-06-05 15:41 -------- d-----w- c:\program files\Microsoft Games
2009-06-03 19:27 . 2003-05-30 17:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 02:49 . 2009-06-02 02:49 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-06-02 02:49 . 2009-06-02 02:49 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-07 15:44 . 2003-04-23 22:01 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 15:52 . 2009-04-10 21:51 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:56 . 2004-02-07 01:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-21 23:51 . 2008-10-22 23:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-07-04 04:44 . 2007-03-13 03:15 168 --sh--r- c:\windows\system32\4D0DF2E456.sys
2007-06-15 23:47 . 2007-02-05 13:39 168 --sh--r- c:\windows\system32\BB13FAE0E7.sys
2007-07-04 04:44 . 2007-02-05 02:49 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_16.12.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-16 20:20 . 2009-07-16 20:20 16384 c:\windows\temp\Perflib_Perfdata_774.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2004-08-26 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-05-10 1310720]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-11 1937408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\supper.scr.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-05 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2006-09-01 1880064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]

c:\documents and settings\User\Start Menu\Programs\Accessories\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 14:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 2:51 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 2:51 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 10:01 AM 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 10:01 AM 7408]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [25/07/2005 10:32 PM 347648]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [25/07/2005 10:35 PM 43392]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9F81D88C-C298-9935-C5D1-40AA4DB91155}]
c:\windows\system32\msnmsgn.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-03-31 23:00]

2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\hvnlbzrc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 13:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2529006832-516276246-1282138258-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-2529006832-516276246-1282138258-1006\Software\Zepter Software\RegLib*e0c3157e\AnyDVD/1]
"1"=dword:444fd090
"2"=dword:44bbcddf
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6924)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PSIService.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wwSecure.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-16 13:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 20:36
ComboFix2.txt 2009-07-16 16:15

Pre-Run: 109,545,783,296 bytes free
Post-Run: 109,468,540,928 bytes free

235 --- E O F --- 2009-07-16 05:08





DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 13:38:32.34 on 16/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.511.208 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\CurrentLogon.EXE
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - Windows Live Sign-in Helper
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~2\tools\iesdpb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {D8073790-84C7-4602-BF77-C6ACBF1612E4} - No File
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\supper.scr.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [D-Link RangeBooster G WUA-2340] c:\program files\d-link\rangebooster g wua-2340\AirPlusCFG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
StartupFolder: c:\docume~1\user\startm~1\programs\access~1\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~2\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\hvnlbzrc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298776]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-25 347648]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-7-25 43392]

=============== Created Last 30 ================

2009-07-16 09:14 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-16 08:56 <DIR> a-dshr-- C:\cmdcons
2009-07-16 08:52 219,648 a------- c:\windows\PEV.exe
2009-07-16 08:52 161,792 a------- c:\windows\SWREG.exe
2009-07-16 08:52 98,816 a------- c:\windows\sed.exe
2009-07-15 22:08 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-14 19:30 <DIR> --d----- c:\program files\Pure Networks
2009-07-14 19:30 23,984 a------- c:\windows\system32\drivers\pnarp.sys
2009-07-14 19:29 25,264 a------- c:\windows\system32\drivers\purendis.sys
2009-07-14 19:29 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-07-14 13:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Linksys
2009-07-14 10:31 <DIR> --d----- c:\program files\WebEx
2009-07-14 10:23 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-14 10:19 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-14 09:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-07-14 09:57 <DIR> --d----- c:\program files\Linksys
2009-07-05 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-05 15:20 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-05 15:20 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-07-05 11:47 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-07-05 11:45 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 11:45 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-05 11:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 11:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-05 11:15 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-26 18:46 <DIR> --d----- c:\program files\Bazooka Scanner
2009-06-16 14:42 86,094 a------- c:\windows\system32\ImageDrive.cpl

==================== Find3M ====================

2009-07-14 19:23 3 a------- c:\program files\option.txt
2009-07-02 07:26 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 07:26 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-05 18:04 16,798 a------- c:\docume~1\user\applic~1\wklnhst.dat
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2008-12-14 10:21 87,608 a------- c:\docume~1\user\applic~1\ezpinst.exe
2008-12-14 10:21 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
2007-07-03 21:41 476,752 a------- c:\docume~1\alluse~1\applic~1\pswi_preloaded.exe
2006-10-16 08:21 139,648 a------- c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT
2005-04-07 20:09 320 a---h--- c:\documents and settings\user\hpothb07.dat
2032-05-15 09:07 1,537 a--sh--- c:\windows\page files\maxmeg.sys
2007-07-03 21:44 168 ---shr-- c:\windows\system32\4D0DF2E456.sys
2007-06-15 16:47 168 ---shr-- c:\windows\system32\BB13FAE0E7.sys
2007-07-03 21:44 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:39:10.40 ===============


#8 fenzodahl512

Posted 17 July 2009 - 02:21 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




