
Google Redirecting virus?!?!


This topic is locked
50 replies to this topic

#1 mariol

  • Members
  • 48 posts
  • Gender:Male

Posted 29 July 2009 - 11:54 PM

Google Redirecting Virus, HELP!
Seems I have been hit with the Google redirect virus that redirects all the links I click from Google to random ad sites... I've run Malwarebytes, had no results, ran Spybot, fixed all issues. Still I have the redirect virus! What's wrong!! I have Windows XP SP3, Home Edition. Yeah, it sucks, I can't search anything with Google. I'm pissed, and any help will be appreciated.

Finally DDS Scanned


DDS (Ver_09-06-26.01) - NTFSx86
Run by 32 STAT at 22:09:03.50 on Wed 07/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.382 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\32 STAT\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.yahoo.com.cn
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
mCustomizeSearch = about:blank
mSearchAssistant = about:blank
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0A94B111-4504-4e26-AB05-E61E474AA38B} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {45BEF2E4-94FC-76A4-83A1-DF50DE91DB6C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {B85389AD-AB08-4542-8449-66E48FCB8A60} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3c46f54-04c0-4b6d-9963-a5f38c4610f1} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {FA91B828-F937-4568-82C1-843627E63ED7} - No File
TB: {201F07E6-5CC7-0C86-36BC-71BF79EDEC2D} - No File
TB: {88d59889-c2e1-4095-b536-36806bd2144c} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {F4D76F09-7896-458a-890F-E1F05C46069F} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File
TB: {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - No File
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
dRunOnce: [RunNarrator] Narrator.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
IE: {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partypoker.net\partypokernet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326}
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - {47B92A27-8252-420D-9630-378EF61434D7}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: virusschlacht.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - hxxp://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37848.6993865741
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.41.57.144/activex/AMC.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: ddcYsQhF - ddcYsQhF.dll
AppInit_DLLs: HPTcpMonsys.dll eerrql.dll c:\windows\system32\ c:\windows\system32\wibovaha.dll c:\windows\system32\putiwuwa.dll c:\windows\system32\fosajugu.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - No File
SEH: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
LSA: Notification Packages = scecli c:\windows\system32\novusina.dll c:\windows\system32\putiwuwa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\32stat~1\applic~1\mozilla\firefox\profiles\6ofsiyqn.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - component: c:\documents and settings\32 stat\application data\mozilla\firefox\profiles\6ofsiyqn.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\32 stat\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\NPSIStub.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-16 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-8-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-29 108552]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2005-6-4 629264]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-29 298776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-24 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-27 24652]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2001-11-15 164864]
S2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?]
S2 sdjjlb;sdjjlb;c:\windows\system32\drivers\sdjjlb.sys --> c:\windows\system32\drivers\sdjjlb.sys [?]
S2 ThemesTrkWks;Themes ThemesTrkWks;c:\windows\system32\3com_dmim.exe srv --> c:\windows\system32\3com_dmim.exe srv [?]
S2 VETMSGNT;VET Message Service;c:\program files\yahoo!\antivirus\vetmsg.exe --> c:\program files\yahoo!\antivirus\VetMsg.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2001-7-31 130332]
S3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2005-6-4 108592]
S3 XDva010;XDva010;\??\c:\windows\system32\xdva010.sys --> c:\windows\system32\XDva010.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\xdva039.sys --> c:\windows\system32\XDva039.sys [?]

=============== Created Last 30 ================

2009-07-26 14:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SwiftKit
2009-07-26 14:08 <DIR> --d----- c:\program files\SwiftKit
2009-07-20 20:01 1,536 a------- C:\palm.grf
2009-07-19 18:16 76,817 a------- c:\windows\War3Unin.dat
2009-07-19 18:16 2,829 a------- c:\windows\War3Unin.pif
2009-07-19 18:16 139,264 a------- c:\windows\War3Unin.exe
2009-07-17 18:16 <DIR> --d----- c:\program files\PeerGuardian2
2009-07-14 17:04 398 a------- c:\windows\AudioConverter.INI
2009-07-14 16:42 <DIR> --d----- C:\AudioConverter
2009-07-14 16:41 <DIR> --d----- c:\program files\easetech
2009-07-13 10:25 0 a------- c:\windows\system32\TSR.key
2009-07-13 10:24 <DIR> --d----- c:\program files\TotalScreenRecorder
2009-07-13 09:57 <DIR> --d----- c:\program files\HyCam2
2009-07-09 19:28 <DIR> --d----- c:\documents and settings\32 stat\.exe ipconfig
2009-07-09 19:28 <DIR> --d----- c:\documents and settings\32 stat\.exe

==================== Find3M ====================

2009-07-29 15:13 34 a------- c:\documents and settings\32 stat\jagex_runescape_preferences.dat
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-11 17:02 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-29 22:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-28 18:35 110,574 a------- c:\windows\~DFF6.tmp
2007-11-20 19:53 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-01-22 14:46 32 ac---r-- c:\documents and settings\all users\hash.dat
2005-07-29 17:24 472 a--shr-- c:\windows\ia\KE.vbs
2008-12-17 14:42 16,384 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-11-18 17:27 34,105,376 ac-sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 22:14:34.28 ===============

Edited by mariol, 30 July 2009 - 12:19 AM.
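What in the DDS log above actually explains the symptom is worth spelling out, because neither Malwarebytes nor Spybot flagged it. The Pseudo HJT Report shows `uInternet Settings,ProxyServer = http=localhost:7171`: IE (and any browser that follows the system proxy setting) is sending its HTTP traffic through whatever is listening on port 7171 on the local machine, which is one straightforward way to rewrite search-result clicks. Alongside it sit an AppInit_DLLs value and an LSA Notification Packages value stuffed with consonant-vowel-pattern DLL names in system32 (wibovaha.dll, putiwuwa.dll, fosajugu.dll, novusina.dll), a Winlogon Notify entry (ddcYsQhF) with the same made-up look, a service (sdjjlb) whose driver file DDS could not verify (`[?]`), and a Trusted Zone list of sites no user adds on purpose. The script below is an added example, not part of the thread or of DDS, that pulls those indicators out of a DDS-style log. The sample input is a handful of lines copied from the log above, and the name heuristics (consonant-vowel runs, vowel-less blobs, mixed-case soup) are my own rough rules, not anything DDS does; which process owns port 7171 would still have to be confirmed on the box with `netstat -ano`.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines copied from the DDS log in this thread
# (Pseudo HJT Report and Services/Drivers sections), not the full log.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
BHO: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
Trusted Zone: avsystemcare.com
Trusted Zone: virusschlacht.com
Notify: avgrsstarter - avgrsstx.dll
Notify: ddcYsQhF - ddcYsQhF.dll
AppInit_DLLs: HPTcpMonsys.dll eerrql.dll c:\windows\system32\ c:\windows\system32\wibovaha.dll c:\windows\system32\putiwuwa.dll c:\windows\system32\fosajugu.dll
LSA: Notification Packages = scecli c:\windows\system32\novusina.dll c:\windows\system32\putiwuwa.dll
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-29 298776]
S2 sdjjlb;sdjjlb;c:\windows\system32\drivers\sdjjlb.sys --> c:\windows\system32\drivers\sdjjlb.sys [?]
"""

CVCV = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){3,5}$")   # wibovaha, putiwuwa, ...
SERVICE = re.compile(r"^[RS]\d+ ([^;]+);")                    # "S2 name;display;path"
LOCAL_PROXY = re.compile(r"(?:localhost|127\.0\.0\.1):\d+", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_generated(name: str) -> bool:
    """My heuristic (assumption, not a DDS rule) for machine-made names:
    consonant-vowel runs, no vowels at all, or lots of case flips."""
    stem = basename(name).split(".", 1)[0]
    if not stem.isalpha() or len(stem) < 5:
        return False
    low = stem.lower()
    if CVCV.match(low):
        return True
    if not any(c in "aeiouy" for c in low):
        return True
    switches = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return switches >= 4


def analyze(log_text: str) -> dict:
    """Group the review-worthy lines of a DDS-style log by what they mean."""
    f = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "Settings,ProxyServer" in line:
            value = line.split("=", 1)[1].strip()
            if LOCAL_PROXY.search(value):           # browser traffic bounced via a local port
                f["local_proxy"].append(value)
        elif line.startswith("Trusted Zone:"):
            f["trusted_zone"].append(line.split(":", 1)[1].strip())
        elif line.startswith("AppInit_DLLs:"):      # loaded into every process that uses user32
            for tok in line.split(":", 1)[1].split():
                if basename(tok):                   # skip the bare "c:\windows\system32\" token
                    f["appinit_dll"].append(basename(tok))
        elif line.startswith("LSA: Notification Packages"):
            for pkg in line.split("=", 1)[1].split():
                if basename(pkg).lower() != "scecli":   # scecli is the stock Windows entry
                    f["lsa_package"].append(basename(pkg))
        elif line.startswith("Notify:"):            # Winlogon notification DLLs
            f["winlogon_notify"].append(line.split(" - ", 1)[1].strip())
        elif line.endswith("- No File"):            # registration whose DLL is gone
            f["orphan_entry"].append(line)
        else:
            m = SERVICE.match(line)
            if m and line.endswith("[?]"):          # DDS could not verify the service binary
                f["service_missing_file"].append(m.group(1))
    for cat in ("appinit_dll", "lsa_package", "winlogon_notify", "service_missing_file"):
        for name in f.get(cat, []):
            if looks_generated(name):
                f["generated_name"].append(name)
    return dict(f)


if __name__ == "__main__":
    for category, items in analyze(SAMPLE_DDS).items():
        print(f"{category}:")
        for item in items:
            print(f"    {item}")
```

Run against the sample, the `generated_name` bucket comes out to exactly the DLLs and the one service that a helper would ask ComboFix to remove, and `local_proxy` carries the single setting that turns Google clicks into redirects.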



#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 July 2009 - 12:38 AM

Hello mariol,


You have a rootkit causing these problems.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that!

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 mariol
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male

Posted 30 July 2009 - 10:14 AM

Hi, I can't seem to close all my anti-viruses. I've closed AVG, but when I open up ComboFix it says it detects AVG and SBC anti-virus (I don't even use this!!). How do I close all of them?!?

Edited by mariol, 30 July 2009 - 10:15 AM.


#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 July 2009 - 10:35 AM

Try to run it anyway... if it won't, you may have to temporarily uninstall AVG so it will run.

#5 mariol
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male

Posted 30 July 2009 - 02:19 PM

Will do.

ComboFix 09-07-29.04 - 32 STAT 07/30/2009 11:40.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.574 [GMT -7:00]
Running from: c:\documents and settings\32 STAT\Desktop\ComboFix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8LMNCD2R\CnsMinExM[1].cab
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPKLGZCP\CnsMinCgM[1].htm
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPKLGZCP\CnsMinExM[1].htm
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OPKLGZCP\CnsMinUp[1].ini
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\STO4EUGN\CnsMinM[1].htm
c:\recycler\S-1-5-21-1409082233-2111687655-1801674531-1003
c:\windows\Downloaded Program Files.\CnsHint.cab
c:\windows\Downloaded Program Files.\cnshint.dll
c:\windows\Downloaded Program Files.\cnshook.dll.1.log
c:\windows\Downloaded Program Files.\cnshook.dll.2.log
c:\windows\Downloaded Program Files.\cnsio.dll_tobedeleted
c:\windows\Downloaded Program Files.\CnsMinAL.cab
c:\windows\Downloaded Program Files.\CnsMinCg.ini
c:\windows\Downloaded Program Files.\CnsMinIO.dll_tobedeleted
c:\windows\Downloaded Program Files.\CnsPlus.cab
c:\windows\Downloaded Program Files.\cnsplus.dll
c:\windows\Downloaded Program Files.\CnsUp.ini
c:\windows\Downloaded Program Files\autolive.dll
c:\windows\Downloaded Program Files\CnsMinAL.cab
c:\windows\Downloaded Program Files\CnsMinCg.ini
c:\windows\Downloaded Program Files\CnsMinIO.dll_tobedeleted
c:\windows\Downloaded Program Files\sms.ico
c:\windows\Downloaded Program Files\taobao.ico
c:\windows\Downloaded Program Files\yahoomsg.ico
c:\windows\Downloaded Program Files\ymail.ico
c:\windows\IA
c:\windows\IA\KE.vbs
c:\windows\Installer\1008f52.msp
c:\windows\Installer\10313bb.msp
c:\windows\Installer\1036f0a.msp
c:\windows\Installer\10448ef.msp
c:\windows\Installer\11137d9.msp
c:\windows\Installer\118232bf.msp
c:\windows\Installer\121257.msi
c:\windows\Installer\1303e2b.msp
c:\windows\Installer\131cd56.msp
c:\windows\Installer\131cd59.msp
c:\windows\Installer\13943ec.msp
c:\windows\Installer\141f802.msp
c:\windows\Installer\141f805.msp
c:\windows\Installer\168f3ee.msp
c:\windows\Installer\16a5c0bb.msp
c:\windows\Installer\1764ea1.msp
c:\windows\Installer\1764ea4.msp
c:\windows\Installer\17a2fdb.msp
c:\windows\Installer\17a2fde.msp
c:\windows\Installer\1811934.msp
c:\windows\Installer\184f28.msi
c:\windows\Installer\188c10b.msp
c:\windows\Installer\1a28b7.msp
c:\windows\Installer\1b29e44.msp
c:\windows\Installer\1b29e47.msp
c:\windows\Installer\1b2b873.msp
c:\windows\Installer\1b2b876.msp
c:\windows\Installer\1bcd0ae4.msp
c:\windows\Installer\1bcd0ae7.msp
c:\windows\Installer\1bdb050.msp
c:\windows\Installer\1bdb053.msp
c:\windows\Installer\1c71ab6.msp
c:\windows\Installer\1c71ab9.msp
c:\windows\Installer\1cabab1.msp
c:\windows\Installer\1cb18ee.msp
c:\windows\Installer\1cb18f1.msp
c:\windows\Installer\1d60ef6.msp
c:\windows\Installer\1d60ef9.msp
c:\windows\Installer\1dc4aaa.msp
c:\windows\Installer\1dc4aad.msp
c:\windows\Installer\1df7b31.msp
c:\windows\Installer\1df7b34.msp
c:\windows\Installer\1e3ef15.msp
c:\windows\Installer\1e3ef18.msp
c:\windows\Installer\1f3866b.msp
c:\windows\Installer\1f68090.msp
c:\windows\Installer\1f68093.msp
c:\windows\Installer\1f70ba.msp
c:\windows\Installer\1fa4190.msp
c:\windows\Installer\1fa4193.msp
c:\windows\Installer\1fbf71.msp
c:\windows\Installer\1fbf74.msp
c:\windows\Installer\201f4ef.msp
c:\windows\Installer\201f4f2.msp
c:\windows\Installer\2092322.msp
c:\windows\Installer\2092325.msp
c:\windows\Installer\20bb73a.msp
c:\windows\Installer\20df2f1.msp
c:\windows\Installer\20df2f4.msp
c:\windows\Installer\20f2c525.msp
c:\windows\Installer\20f2c528.msp
c:\windows\Installer\212c736.msp
c:\windows\Installer\212c739.msp
c:\windows\Installer\21424c2.msp
c:\windows\Installer\21424c5.msp
c:\windows\Installer\217406a.msp
c:\windows\Installer\217406d.msp
c:\windows\Installer\218e9d4.msp
c:\windows\Installer\218e9d7.msp
c:\windows\Installer\219877b.msp
c:\windows\Installer\219877e.msp
c:\windows\Installer\21ced3b.msp
c:\windows\Installer\21ced3e.msp
c:\windows\Installer\21fc959.msp
c:\windows\Installer\22408d0.msp
c:\windows\Installer\22408d3.msp
c:\windows\Installer\2266a40.msp
c:\windows\Installer\2266a43.msp
c:\windows\Installer\2285007.msp
c:\windows\Installer\228500a.msp
c:\windows\Installer\22f2f3e.msp
c:\windows\Installer\22f2f41.msp
c:\windows\Installer\2386cc8.msp
c:\windows\Installer\2386ccb.msp
c:\windows\Installer\23d33bf.msp
c:\windows\Installer\23d33c2.msp
c:\windows\Installer\243569b.msp
c:\windows\Installer\243569e.msp
c:\windows\Installer\251702a.msp
c:\windows\Installer\25dcff3.msp
c:\windows\Installer\25dcff6.msp
c:\windows\Installer\261d128.msp
c:\windows\Installer\28070d1.msp
c:\windows\Installer\2a84f2.msp
c:\windows\Installer\2b8fa3.msi
c:\windows\Installer\2b90a71.msp
c:\windows\Installer\2d70119.msp
c:\windows\Installer\2f18e56.msp
c:\windows\Installer\2fb37d1.msi
c:\windows\Installer\3141777.msp
c:\windows\Installer\32e15b3.msp
c:\windows\Installer\337e7cc.msp
c:\windows\Installer\337e7cf.msp
c:\windows\Installer\3423bb.msp
c:\windows\Installer\342a58e.msp
c:\windows\Installer\346bc00.msp
c:\windows\Installer\346bc03.msp
c:\windows\Installer\35e925.msp
c:\windows\Installer\3643181.msp
c:\windows\Installer\3643184.msp
c:\windows\Installer\38bb3e3.msp
c:\windows\Installer\38bb3e6.msp
c:\windows\Installer\39a67b.msp
c:\windows\Installer\39a67e.msp
c:\windows\Installer\4cf48f.msp
c:\windows\Installer\4d0383.msp
c:\windows\Installer\511e1d.msp
c:\windows\Installer\511e20.msp
c:\windows\Installer\533767.msp
c:\windows\Installer\53376a.msp
c:\windows\Installer\57a6c8.msp
c:\windows\Installer\57a6cb.msp
c:\windows\Installer\5ba4ad9.msp
c:\windows\Installer\5ba8c8.msp
c:\windows\Installer\5ba8cb.msp
c:\windows\Installer\5d500f.msp
c:\windows\Installer\5d5012.msp
c:\windows\Installer\6b23f.msi
c:\windows\Installer\73285ab.msp
c:\windows\Installer\73f3f2d.msp
c:\windows\Installer\7c4e44.msp
c:\windows\Installer\7c4e47.msp
c:\windows\Installer\813db85.msp
c:\windows\Installer\85721.msp
c:\windows\Installer\85724.msp
c:\windows\Installer\90880.msp
c:\windows\Installer\aefee3.msp
c:\windows\Installer\aefee6.msp
c:\windows\Installer\b58a0f.msp
c:\windows\Installer\b969f1.msp
c:\windows\Installer\ba23cb.msp
c:\windows\Installer\ba23ce.msp
c:\windows\Installer\c5e50c8.msp
c:\windows\Installer\f3e977.msp
c:\windows\Installer\f3e97a.msp
c:\windows\Installer\f81cf7.msp
c:\windows\Installer\ff79ac.msp
c:\windows\patch.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\cemetrix.dll
c:\windows\system32\cns.dat
c:\windows\system32\cns.dll
c:\windows\system32\cns.exe
c:\windows\system32\codtosov.dll
c:\windows\SYSTEM32\drivers\CnsMinKP.sys
c:\windows\system32\drivers\geyekrlkmrmttk.sys
c:\windows\system32\geyekrbfamrxrs.dll
c:\windows\system32\geyekriymsvpcb.dat
c:\windows\system32\geyekrmprqxexy.dat
c:\windows\system32\isebonuk.ini
c:\windows\system32\ogenuwaw.ini
c:\windows\system32\ruqfpslc.dll
c:\windows\system32\skinboxer43.dll
c:\windows\Downloaded Program Files.\CnsHint.cab . . . . failed to delete
c:\windows\Downloaded Program Files.\cnshint.dll . . . . failed to delete
c:\windows\Downloaded Program Files.\cnshook.dll.1.log . . . . failed to delete
c:\windows\Downloaded Program Files.\cnshook.dll.2.log . . . . failed to delete
c:\windows\Downloaded Program Files.\cnsio.dll_tobedeleted . . . . failed to delete
c:\windows\Downloaded Program Files.\CnsPlus.cab . . . . failed to delete
c:\windows\Downloaded Program Files.\cnsplus.dll . . . . failed to delete
c:\windows\Downloaded Program Files.\CnsUp.ini . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CNSMINKP
-------\Legacy_NEW_DRV
-------\Legacy_THEMESTRKWKS
-------\Service_geyekrmethoskj
-------\Service_ThemesTrkWks


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 05:38 . 2009-07-30 05:38 -------- d-----w- c:\windows\ie8updates
2009-07-30 03:39 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-30 03:39 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-26 21:08 . 2009-07-26 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2009-07-26 21:08 . 2009-07-26 21:23 -------- d-----w- c:\program files\SwiftKit
2009-07-20 01:16 . 2009-07-26 05:31 76817 ----a-w- c:\windows\War3Unin.dat
2009-07-20 01:16 . 2009-07-20 01:31 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-20 01:16 . 2009-07-20 01:31 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-20 01:09 . 2009-07-29 22:11 -------- d-----w- c:\program files\Warcraft III
2009-07-19 18:31 . 2009-07-19 18:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-19 16:39 . 2009-07-19 16:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-18 01:16 . 2009-07-27 20:19 -------- d-----w- c:\program files\PeerGuardian2
2009-07-18 00:47 . 2009-07-12 00:01 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-17 19:59 . 2009-07-17 19:59 -------- d-----w- c:\documents and settings\32 STAT\Local Settings\Application Data\Temp
2009-07-14 23:42 . 2009-07-14 23:42 -------- d-----w- C:\AudioConverter
2009-07-14 23:41 . 2009-07-14 23:41 -------- d-----w- c:\program files\easetech
2009-07-14 23:23 . 2009-07-15 00:27 -------- d-----w- c:\documents and settings\32 STAT\Local Settings\Application Data\WMTools Downloaded Files
2009-07-13 17:24 . 2009-07-13 17:26 -------- d-----w- c:\program files\TotalScreenRecorder
2009-07-13 16:57 . 2009-07-13 16:57 -------- d-----w- c:\program files\HyCam2
2009-07-10 02:28 . 2009-07-10 02:28 -------- d-----w- c:\documents and settings\32 STAT\.exe ipconfig
2009-07-10 02:28 . 2009-07-10 02:28 -------- d-----w- c:\documents and settings\32 STAT\.exe
2009-07-06 05:17 . 2009-06-16 16:29 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 03:29 . 2009-04-22 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-30 02:22 . 2009-04-22 20:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 23:48 . 2005-03-04 03:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-29 23:33 . 2007-06-19 00:03 -------- d-----w- c:\documents and settings\32 STAT\Application Data\uTorrent
2009-07-29 22:13 . 2008-07-04 06:03 34 ----a-w- c:\documents and settings\32 STAT\jagex_runescape_preferences.dat
2009-07-27 16:09 . 2008-02-23 23:39 -------- d-----w- c:\program files\Starcraft
2009-07-21 00:36 . 2008-11-09 05:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 00:36 . 2009-04-11 18:25 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-17 21:01 . 2008-08-20 00:36 -------- d-----w- c:\program files\FrostWire
2009-07-17 20:50 . 2009-02-15 00:52 -------- d-----w- c:\program files\Steam
2009-07-14 23:33 . 2009-04-28 01:55 -------- d-----w- c:\program files\AIMTunes
2009-07-13 20:36 . 2008-11-09 05:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-11-09 05:52 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 00:02 . 2008-11-17 02:00 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 01:58 . 2009-06-19 00:06 -------- d-----w- c:\documents and settings\32 STAT\Application Data\U3
2009-07-03 17:09 . 2004-08-24 03:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 00:26 . 2009-06-17 23:08 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-20 02:53 . 2009-06-12 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-20 02:52 . 2008-12-06 02:42 -------- d-----w- c:\program files\AIM6
2009-06-20 02:51 . 2005-03-27 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-20 02:49 . 2009-04-28 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-19 03:59 . 2009-06-19 03:59 -------- d-----w- c:\program files\Colorizer
2009-06-19 03:54 . 2009-06-19 03:54 -------- d-----w- c:\program files\Boletrice AIM Fader
2009-06-17 23:06 . 2007-08-25 02:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2002-06-08 18:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-06-08 18:16 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 04:21 . 2009-06-15 04:21 -------- d-----w- c:\documents and settings\32 STAT\Application Data\Arcsoft
2009-06-15 04:21 . 2009-06-15 03:51 -------- d-----w- c:\program files\Palm
2009-06-15 03:53 . 2009-06-15 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HotSync
2009-06-15 03:53 . 2009-06-15 03:53 -------- d-----w- c:\documents and settings\32 STAT\Application Data\HotSync
2009-06-12 01:50 . 2009-06-12 01:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-03 19:09 . 2003-05-13 17:28 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 04:02 . 2006-07-22 02:33 -------- d-----w- c:\program files\HP
2009-06-03 04:01 . 2002-06-08 18:05 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-03 04:00 . 2009-06-03 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-03 03:52 . 2009-06-03 03:52 45056 ----a-r- c:\documents and settings\32 STAT\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut2_E14B8A0842B346769E911D39F8158DA1.exe
2009-06-03 03:52 . 2009-06-03 03:52 45056 ----a-r- c:\documents and settings\32 STAT\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut1_E14B8A0842B346769E911D39F8158DA1.exe
2009-06-02 02:49 . 2009-06-02 02:49 -------- d-----w- c:\program files\Freeze.com
2009-06-01 03:50 . 2009-05-30 05:31 -------- d-----w- c:\documents and settings\32 STAT\Application Data\AVGTOOLBAR
2009-05-30 05:31 . 2008-11-17 02:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-30 05:31 . 2009-05-30 05:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-29 01:35 . 2009-05-29 01:34 110574 ----a-w- c:\windows\~DFF6.tmp
2009-05-27 04:46 . 2009-05-27 04:46 32 --s-a-w- c:\windows\system32\2291948809.dat
2009-05-19 08:36 . 2009-06-20 02:49 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 08:36 . 2009-06-20 02:49 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 08:36 . 2009-06-20 02:49 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 08:36 . 2009-06-20 02:49 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 08:36 . 2009-06-20 02:49 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 08:36 . 2009-06-20 02:49 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 08:36 . 2009-06-20 02:49 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 08:36 . 2009-06-20 02:49 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-07 15:32 . 2002-06-08 18:16 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:23 . 2009-05-08 01:07 372736 ----a-w- c:\documents and settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-07-23 22:19 . 2008-12-25 01:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-29 01:49 . 2009-01-29 01:49 62976 ----a-w- c:\program files\mozilla firefox\plugins\uc_sfighters_launching.dll
2008-06-04 02:37 . 2008-06-04 02:36 24 --sh--w- c:\windows\S8ABB94A5.tmp
2009-01-01 18:21 . 2009-01-01 18:21 120 --sh--w- c:\windows\SYSTEM32\ogenuwaw.tmp
2008-12-09 00:44 . 2008-12-09 00:44 1428212 --sh--w- c:\windows\SYSTEM32\orinarep.tmp
2008-11-19 00:27 . 2008-07-14 01:25 34105376 -csha-w- c:\windows\SYSTEM32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 16:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-03 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-30 05:31 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"CAISafe"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\32 STAT\\Desktop\\Blizzard\\Bots\\War\\GENOCIDE1.3LBETARC8\\GENOCIDE 1.3L BETA RC8\\Virtual_TLS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\siraqua\\counter-strike\\hl.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
"c:\\WINDOWS\\SYSTEM32\\cidaemon.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6113:UDP"= 6113:UDP:bnet13
"6114:UDP"= 6114:UDP:bnet14
"6115:UDP"= 6115:UDP:bnet15
"6116:UDP"= 6116:UDP:bnet16
"6117:UDP"= 6117:UDP:bnet17
"6118:UDP"= 6118:UDP:bnet18
"6119:UDP"= 6119:UDP:bnet19
"6112:TCP"= 6112:TCP:BattleNet

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\drivers\avgldx86.sys [11/16/2008 7:00 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\drivers\avgtdix.sys [5/29/2009 10:31 PM 108552]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\SYSTEM32\drivers\sis7012.sys [11/15/2001 11:14 PM 164864]
S2 sdjjlb;sdjjlb;c:\windows\system32\drivers\sdjjlb.sys --> c:\windows\system32\drivers\sdjjlb.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [7/31/2001 5:27 PM 130332]
S3 XDva010;XDva010;\??\c:\windows\system32\XDva010.sys --> c:\windows\system32\XDva010.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
c:\windows\Tasks\At5.job

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2781504589-2856520603-1574323382-1012Core.job
- c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:35]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2781504589-2856520603-1574323382-1012UA.job
- c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:35]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{45BEF2E4-94FC-76A4-83A1-DF50DE91DB6C} - (no file)
BHO-{B85389AD-AB08-4542-8449-66E48FCB8A60} - (no file)
BHO-{e3c46f54-04c0-4b6d-9963-a5f38c4610f1} - (no file)
Toolbar-{201F07E6-5CC7-0C86-36BC-71BF79EDEC2D} - (no file)
Toolbar-{88d59889-c2e1-4095-b536-36806bd2144c} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{88D59889-C2E1-4095-B536-36806BD2144C} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
Notify-ddcYsQhF - ddcYsQhF.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail
IE: {{6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
IE: {{9A687CA6-D585-4947-9ED9-BE96071F5CD9} - {47B92A27-8252-420D-9630-378EF61434D7} -
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: virusschlacht.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.41.57.144/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - component: c:\documents and settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPSIStub.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 11:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,6d,64,e2,82,1a,0f,4e,ba,e2,e1,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,6d,64,e2,82,1a,0f,4e,ba,e2,e1,\

[HKEY_USERS\S-1-5-21-2781504589-2856520603-1574323382-1012\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(472)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\drivers\KodakCCS.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-30 12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 19:11

Pre-Run: 1,932,562,432 bytes free
Post-Run: 2,127,261,696 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
542 --- E O F --- 2009-07-30 05:45





Here's the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:50 PM, on 7/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\Checkit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {FA91B828-F937-4568-82C1-843627E63ED7} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...mp;btn=yahoomsg (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/co...py/iesnoopy.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://217.41.57.144/activex/AMC.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13178 bytes



And I don't know why my recovery thing isn't installed? ComboFix tried installing it for me but it said it failed.
lsass.exe seems to always be on my task and startup, I looked it up and it said it was a virus!! But my anti-virus didn't detect it

Edited by mariol, 30 July 2009 - 02:31 PM.


#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 July 2009 - 12:40 AM

Hello,

You're okay, I promise. :thumbup2: Your C:\WINDOWS\system32\lsass.exe is perfectly fine. It's not a virus.

You should know that you're actually doing more harm than good by running 2 Anti-Virus programs (ESET and AVG). When you do this both programs compete for resources, and the end result is neither does its best, and it can cause system instability. I recommend that you choose the one you want to keep, update it, disable or uninstall the other one, and use it as an on-demand only scan occasionally.

Please download the Fix_Protocol reg file from http://downloads.malwareremoval.com/Nel/FixP.zip and unzip it to your desktop.
Double click Fix_Protocol_zones_ranges.reg and allow it to merge with the registry.

Reboot your machine for the changes to take effect.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {FA91B828-F937-4568-82C1-843627E63ED7} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.virusschlacht.com


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer once again.

Now please be sure Malwarebytes' Anti-Malware is updated and run a scan. Post the report in your reply. How is it running? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?
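The entries teacup61 lists above fall into a few recurring HijackThis categories: an empty R0 start-page value, O2/O3/O18 registrations that point at a file that no longer exists, O15 Trusted Zone additions, and O23 services whose executable is missing. The following is an added example, not code from this thread, from BleepingComputer or from HijackThis itself: a small Python triage that reads a HijackThis log and flags exactly those categories, so a reviewer can see at a glance which lines need a look. The sample log is built from lines that appear in this thread's own logs, with two healthy entries (AVG's linkscanner handler and Apple's service) included so the rules have something they must leave alone; the rule set and the helper names are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis logs posted in this thread.
# Two known-good entries (O18 linkscanner, O23 Apple Mobile Device) are mixed in
# so that the triage must leave them unflagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {FA91B828-F937-4568-82C1-843627E63ED7} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section code, e.g. "O15"
    reason: str  # why a helper would look at this line
    line: str    # the original log line, unchanged


def triage(log_text: str) -> List[Finding]:
    """Flag HijackThis entries that match the categories fixed in this thread.

    Rules (my own, modelled on what the helper asked to be fixed):
      R0 whose value is empty              -> blanked IE start-page setting
      O2 / O3 / O18 ending in "(no file)"  -> registration left behind by removed software
      O15 Trusted Zone entries             -> domains granted relaxed IE security
      O23 ending in "(file missing)"       -> service whose executable is gone
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank line or a non-entry line such as a header
        kind, body = m.group("kind"), m.group("body")
        reason = None
        if kind == "R0" and body.endswith("="):
            reason = "Internet Explorer start page value is empty"
        elif kind in ("O2", "O3", "O18") and body.endswith("(no file)"):
            reason = "registration points at a file that no longer exists"
        elif kind == "O15" and body.startswith("Trusted Zone:"):
            reason = "domain added to the IE Trusted Zone"
        elif kind == "O23" and body.endswith("(file missing)"):
            reason = "service executable is missing"
        if reason is not None:
            findings.append(Finding(kind, reason, line))
    return findings


def trusted_zone_domains(findings: List[Finding]) -> List[str]:
    """The domains behind the flagged O15 lines, in log order."""
    return [f.line.split("Trusted Zone:", 1)[1].strip()
            for f in findings if f.kind == "O15"]


def hijackthis_fix_list(findings: List[Finding]) -> List[str]:
    """The exact lines to tick before 'Fix checked', in log order."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}: {f.line}")
```

Run against the sample, it flags the eight lines the helper asked to be fixed and leaves the O16, O20 and healthy O18/O23 lines alone. The O15 rule flags every Trusted Zone entry rather than a blocklist of domains: on a home machine the Trusted Zone is normally empty, so any entry is worth a human look regardless of the name.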

#7 mariol

  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male

Posted 31 July 2009 - 11:02 AM

Actually I don't use ESET, I only use AVG, but I downloaded and used ESET, and I cannot remove it from my computer.

#8 mariol

  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male

Posted 31 July 2009 - 11:46 AM

Malwarebytes' Anti-Malware 1.39
Database version: 2535
Windows 5.1.2600 Service Pack 3

7/31/2009 9:41:57 AM
mbam-log-2009-07-31 (09-41-57).txt

Scan type: Quick Scan
Objects scanned: 127159
Time elapsed: 24 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



YEAAH, thanks so much, it doesn't redirect me anymore!!! But I have one question: how do I get rid of this ESET once and for all? I deleted the files and ran the uninstaller but it's still here, and a Windows Installer popup comes up every time I turn on my computer because of ESET!

#9 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 August 2009 - 05:14 AM

Hello,

You're welcome. :thumbup2: Still quite a bit to do though, and we'll also get rid of the Eset remnants.

Please navigate to the following file:

c:\windows\system32\XDva039.sys

Please go to VirusTotal and submit the file for a scan and post the results in your next reply.

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
rem Stop and unregister the two leftover ESET services; their executables are
rem gone (HijackThis shows "file missing"), so the normal uninstaller cannot remove them.
sc stop ekrn
sc delete ekrn
sc stop EhttpSrv
sc delete EhttpSrv
exit



Double click FixServices.bat. A window will flash open and close. This is normal.

Now delete the following folder:

C:\Program Files\ESET


* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

KILLALL::
File::
c:\windows\S8ABB94A5.tmp
c:\windows\SYSTEM32\ogenuwaw.tmp
c:\windows\SYSTEM32\orinarep.tmp
c:\windows\~DFF6.tmp
c:\windows\Downloaded Program Files.\CnsHint.cab
c:\windows\Downloaded Program Files.\cnshint.dll
c:\windows\Downloaded Program Files.\cnshook.dll.1.log
c:\windows\Downloaded Program Files.\cnshook.dll.2.log
c:\windows\Downloaded Program Files.\cnsio.dll_tobedeleted
c:\windows\Downloaded Program Files.\CnsPlus.cab
c:\windows\Downloaded Program Files.\cnsplus.dll
c:\windows\Downloaded Program Files.\CnsUp.ini
c:\windows\system32\drivers\sdjjlb.sys
c:\windows\system32\GameMon.des

Driver::
sdjjlb

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
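The CFScript in the post above is a small directive-based format, and scripts like it are easy to get subtly wrong (a relative path under File::, a full path where Driver:: wants a service name). As an added example, not part of this thread and not code from ComboFix or BleepingComputer, here is a Python parser that reads such a script into its sections and runs the checks a helper would make before handing it to someone; it uses the script from the post as its sample input. The meaning assigned to each directive (KILLALL:: terminates running processes, File:: deletes files, Driver:: removes driver services, Registry:: holds REGEDIT4-style lines where [-KEY] deletes a key) is my reading of the directives this script uses and is stated as an assumption; the function names are mine. Nothing here touches the machine, it only inspects the script text.

```python
import re
from collections import OrderedDict
from typing import Dict, List, Tuple

# Sample input: the CFScript from the post above, copied verbatim.
SAMPLE_SCRIPT = r"""
KILLALL::
File::
c:\windows\S8ABB94A5.tmp
c:\windows\SYSTEM32\ogenuwaw.tmp
c:\windows\SYSTEM32\orinarep.tmp
c:\windows\~DFF6.tmp
c:\windows\Downloaded Program Files.\CnsHint.cab
c:\windows\Downloaded Program Files.\cnshint.dll
c:\windows\Downloaded Program Files.\cnshook.dll.1.log
c:\windows\Downloaded Program Files.\cnshook.dll.2.log
c:\windows\Downloaded Program Files.\cnsio.dll_tobedeleted
c:\windows\Downloaded Program Files.\CnsPlus.cab
c:\windows\Downloaded Program Files.\cnsplus.dll
c:\windows\Downloaded Program Files.\CnsUp.ini
c:\windows\system32\drivers\sdjjlb.sys
c:\windows\system32\GameMon.des

Driver::
sdjjlb

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")          # e.g. "File::"
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")             # drive-letter path
# "[KEY]" selects a key, "[-KEY]" deletes it (REGEDIT4 convention; assumed)
REG_KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")


def parse_cfscript(text: str) -> "OrderedDict[str, List[str]]":
    """Split a CFScript into an ordered mapping: directive -> its entry lines."""
    sections: "OrderedDict[str, List[str]]" = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        sections[current].append(line)
    return sections


def registry_actions(entries: List[str]) -> List[Tuple[str, str]]:
    """Interpret Registry:: lines as (action, target) pairs."""
    actions = []
    for line in entries:
        m = REG_KEY_RE.match(line)
        if m:
            actions.append(("delete" if m.group(1) == "-" else "set", m.group(2)))
        else:
            actions.append(("value", line))  # a "name"=data line under the current key
    return actions


def validate(sections: Dict[str, List[str]]) -> List[str]:
    """Problems a reviewer would want to catch before the script is run."""
    problems = []
    files = sections.get("File", [])
    for path in files:
        if not ABS_PATH_RE.match(path):
            problems.append(f"File:: entry is not an absolute path: {path}")
    basenames = {p.rsplit("\\", 1)[-1].lower() for p in files}
    for drv in sections.get("Driver", []):
        if "\\" in drv or drv.lower().endswith(".sys"):
            problems.append(f"Driver:: entry must be a service name, not a path: {drv}")
        elif f"{drv.lower()}.sys" not in basenames:
            problems.append(f"Driver:: {drv} has no matching File:: entry for {drv}.sys")
    for line in sections.get("Registry", []):
        if line.startswith("[") and not REG_KEY_RE.match(line):
            problems.append(f"Registry:: malformed key line: {line}")
    if sections.get("KILLALL"):
        problems.append("KILLALL:: takes no entries")
    return problems


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in parsed.items():
        print(f"{name}:: {len(entries)} entries")
    print("registry:", registry_actions(parsed.get("Registry", [])))
    print("problems:", validate(parsed) or "none")
```

On the script from the post the validator reports nothing: all fourteen File:: paths are absolute, the Driver:: name sdjjlb has its driver file listed for deletion, and the single Registry:: line is a well-formed key deletion. The driver/file cross-check is the one worth keeping in mind: removing a driver's service entry without deleting its .sys file leaves the binary on disk.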

#10 mariol

  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male

Posted 04 August 2009 - 03:32 PM

Sorry I can't be on my personal computer for a couple days.

#11 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 05 August 2009 - 07:33 AM

Post when you're ready, but you should expect setbacks when you neglect to follow through with something like this. A lot of malware can regenerate itself and bring new malware aboard when it's left to its own devices.

Regards,
tea

#12 mariol

  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male

Posted 09 August 2009 - 11:27 AM

Oh, that sucks, well back on my computer shall we continue?

#13 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 10 August 2009 - 02:46 PM

Hello,

Please delete ComboFix and its folder, C:\Qoobox, then reboot. Now grab a fresh copy:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

tea

#14 mariol

  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male

Posted 12 August 2009 - 08:06 PM

ComboFix 09-08-10.06 - 32 STAT 08/12/2009 17:36.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.618 [GMT -7:00]
Running from: c:\documents and settings\32 STAT\Desktop\ComboFix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files.\CnsHint.cab
c:\windows\Downloaded Program Files.\cnshint.dll
c:\windows\Downloaded Program Files.\cnshook.dll.1.log
c:\windows\Downloaded Program Files.\cnshook.dll.2.log
c:\windows\Downloaded Program Files.\cnsio.dll_tobedeleted
c:\windows\Downloaded Program Files.\CnsPlus.cab
c:\windows\Downloaded Program Files.\cnsplus.dll
c:\windows\Downloaded Program Files.\CnsUp.ini
c:\windows\system32\paumyojh.dll
c:\windows\Downloaded Program Files.\CnsHint.cab . . . . failed to delete
c:\windows\Downloaded Program Files.\cnshint.dll . . . . failed to delete
c:\windows\Downloaded Program Files.\cnshook.dll.1.log . . . . failed to delete
c:\windows\Downloaded Program Files.\cnshook.dll.2.log . . . . failed to delete
c:\windows\Downloaded Program Files.\cnsio.dll_tobedeleted . . . . failed to delete
c:\windows\Downloaded Program Files.\CnsPlus.cab . . . . failed to delete
c:\windows\Downloaded Program Files.\cnsplus.dll . . . . failed to delete
c:\windows\Downloaded Program Files.\CnsUp.ini . . . . failed to delete


.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-12 15:31 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 06:41 . 2009-08-08 06:42 -------- d-----w- C:\f590b73310145e214530c0775b28
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 05:11 . 2009-08-07 04:58 -------- d-----w- c:\documents and settings\32 STAT\Tracing
2009-08-05 04:54 . 2009-08-05 04:54 -------- d-----w- c:\program files\Microsoft
2009-08-05 04:53 . 2009-08-05 04:53 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-05 04:43 . 2009-08-05 04:43 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-30 05:38 . 2009-07-30 05:38 -------- d-----w- c:\windows\ie8updates
2009-07-30 03:39 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-30 03:39 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-26 21:08 . 2009-07-26 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2009-07-26 21:08 . 2009-07-26 21:23 -------- d-----w- c:\program files\SwiftKit
2009-07-20 01:16 . 2009-08-04 22:05 77163 ----a-w- c:\windows\War3Unin.dat
2009-07-20 01:16 . 2009-07-20 01:31 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-20 01:16 . 2009-07-20 01:31 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-20 01:09 . 2009-08-12 19:19 -------- d-----w- c:\program files\Warcraft III
2009-07-19 18:31 . 2009-07-19 18:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-19 16:39 . 2009-07-19 16:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-18 01:16 . 2009-08-08 17:04 -------- d-----w- c:\program files\PeerGuardian2
2009-07-17 19:59 . 2009-08-03 16:00 -------- d-----w- c:\documents and settings\32 STAT\Local Settings\Application Data\Temp
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-14 23:42 . 2009-07-14 23:42 -------- d-----w- C:\AudioConverter
2009-07-14 23:41 . 2009-07-14 23:41 -------- d-----w- c:\program files\easetech
2009-07-14 23:23 . 2009-07-15 00:27 -------- d-----w- c:\documents and settings\32 STAT\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 19:20 . 2008-07-04 06:03 34 ----a-w- c:\documents and settings\32 STAT\jagex_runescape_preferences.dat
2009-08-12 04:52 . 2005-03-04 03:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-11 00:28 . 2005-04-16 01:43 86232 -c--a-w- c:\documents and settings\32 STAT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2003-08-16 02:40 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 05:09 . 2008-01-12 02:25 -------- d-----w- c:\program files\Windows Live
2009-08-01 00:36 . 2007-06-19 00:03 -------- d-----w- c:\documents and settings\32 STAT\Application Data\uTorrent
2009-07-31 19:05 . 2008-02-23 23:39 -------- d-----w- c:\program files\Starcraft
2009-07-31 15:43 . 2008-08-15 05:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 04:55 . 2009-04-28 01:55 -------- d-----w- c:\program files\AIMTunes
2009-07-30 03:29 . 2009-04-22 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-30 02:22 . 2009-04-22 20:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 00:36 . 2008-11-09 05:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 00:36 . 2009-04-11 18:25 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-17 21:01 . 2008-08-20 00:36 -------- d-----w- c:\program files\FrostWire
2009-07-17 20:50 . 2009-02-15 00:52 -------- d-----w- c:\program files\Steam
2009-07-17 19:01 . 2003-08-16 01:13 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 20:36 . 2008-11-09 05:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-11-09 05:52 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 17:26 . 2009-07-13 17:24 -------- d-----w- c:\program files\TotalScreenRecorder
2009-07-13 16:57 . 2009-07-13 16:57 -------- d-----w- c:\program files\HyCam2
2009-07-12 00:02 . 2008-11-17 02:00 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 01:58 . 2009-06-19 00:06 -------- d-----w- c:\documents and settings\32 STAT\Application Data\U3
2009-07-03 17:09 . 2004-08-24 03:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 02:53 . 2009-06-12 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-20 02:52 . 2008-12-06 02:42 -------- d-----w- c:\program files\AIM6
2009-06-20 02:51 . 2005-03-27 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-20 02:49 . 2009-04-28 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-19 03:59 . 2009-06-19 03:59 -------- d-----w- c:\program files\Colorizer
2009-06-19 03:54 . 2009-06-19 03:54 -------- d-----w- c:\program files\Boletrice AIM Fader
2009-06-17 23:06 . 2007-08-25 02:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 16:29 . 2009-07-06 05:17 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-16 14:36 . 2002-06-08 18:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-06-08 18:16 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 04:21 . 2009-06-15 04:21 -------- d-----w- c:\documents and settings\32 STAT\Application Data\Arcsoft
2009-06-15 04:21 . 2009-06-15 03:51 -------- d-----w- c:\program files\Palm
2009-06-15 03:53 . 2009-06-15 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HotSync
2009-06-15 03:53 . 2009-06-15 03:53 -------- d-----w- c:\documents and settings\32 STAT\Application Data\HotSync
2009-06-12 12:31 . 2003-08-16 03:27 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2003-08-16 02:39 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2003-08-16 01:13 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2002-06-08 18:17 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-13 17:28 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 03:52 . 2009-06-03 03:52 45056 ----a-r- c:\documents and settings\32 STAT\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut2_E14B8A0842B346769E911D39F8158DA1.exe
2009-06-03 03:52 . 2009-06-03 03:52 45056 ----a-r- c:\documents and settings\32 STAT\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut1_E14B8A0842B346769E911D39F8158DA1.exe
2009-05-30 05:31 . 2008-11-17 02:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-30 05:31 . 2009-05-30 05:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-29 01:35 . 2009-05-29 01:34 110574 ----a-w- c:\windows\~DFF6.tmp
2009-05-27 04:46 . 2009-05-27 04:46 32 --s-a-w- c:\windows\system32\2291948809.dat
2009-05-19 08:36 . 2009-06-20 02:49 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 08:36 . 2009-06-20 02:49 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 08:36 . 2009-06-20 02:49 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 08:36 . 2009-06-20 02:49 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 08:36 . 2009-06-20 02:49 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 08:36 . 2009-06-20 02:49 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 08:36 . 2009-06-20 02:49 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 08:36 . 2009-06-20 02:49 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-01-29 01:49 . 2009-01-29 01:49 62976 ----a-w- c:\program files\mozilla firefox\plugins\uc_sfighters_launching.dll
2008-06-04 02:37 . 2008-06-04 02:36 24 --sh--w- c:\windows\S8ABB94A5.tmp
2009-01-01 18:21 . 2009-01-01 18:21 120 --sh--w- c:\windows\SYSTEM32\ogenuwaw.tmp
2008-12-09 00:44 . 2008-12-09 00:44 1428212 --sh--w- c:\windows\SYSTEM32\orinarep.tmp
2008-11-19 00:27 . 2008-07-14 01:25 34105376 -csha-w- c:\windows\SYSTEM32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 16:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-03 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-30 05:31 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"CAISafe"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\32 STAT\\Desktop\\Blizzard\\Bots\\War\\GENOCIDE1.3LBETARC8\\GENOCIDE 1.3L BETA RC8\\Virtual_TLS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\siraqua\\counter-strike\\hl.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
"c:\\WINDOWS\\SYSTEM32\\cidaemon.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6113:UDP"= 6113:UDP:bnet13
"6114:UDP"= 6114:UDP:bnet14
"6115:UDP"= 6115:UDP:bnet15
"6116:UDP"= 6116:UDP:bnet16
"6117:UDP"= 6117:UDP:bnet17
"6118:UDP"= 6118:UDP:bnet18
"6119:UDP"= 6119:UDP:bnet19
"6112:TCP"= 6112:TCP:BattleNet

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\drivers\avgldx86.sys [11/16/2008 7:00 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\drivers\avgtdix.sys [5/29/2009 10:31 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/29/2009 10:30 PM 298776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/24/2008 10:02 AM 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/27/2009 6:54 PM 24652]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\SYSTEM32\drivers\sis7012.sys [11/15/2001 11:14 PM 164864]
S2 sdjjlb;sdjjlb;c:\windows\system32\drivers\sdjjlb.sys --> c:\windows\system32\drivers\sdjjlb.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [7/31/2001 5:27 PM 130332]
S3 XDva010;XDva010;\??\c:\windows\system32\XDva010.sys --> c:\windows\system32\XDva010.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2781504589-2856520603-1574323382-1012Core.job
- c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:35]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2781504589-2856520603-1574323382-1012UA.job
- c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:35]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail
IE: {{6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
IE: {{9A687CA6-D585-4947-9ED9-BE96071F5CD9} - {47B92A27-8252-420D-9630-378EF61434D7} -
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.41.57.144/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - component: c:\documents and settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPSIStub.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,6d,64,e2,82,1a,0f,4e,ba,e2,e1,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,6d,64,e2,82,1a,0f,4e,ba,e2,e1,\

[HKEY_USERS\S-1-5-21-2781504589-2856520603-1574323382-1012\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(460)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\drivers\KodakCCS.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2009-08-13 18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 01:04
ComboFix2.txt 2009-07-30 19:11

Pre-Run: 7,120,777,216 bytes free
Post-Run: 7,171,096,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
331 --- E O F --- 2009-08-13 00:19


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:42 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\32 STAT\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\Checkit.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...mp;btn=yahoomsg (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/co...py/iesnoopy.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://217.41.57.144/activex/AMC.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12288 bytes

#15 mariol

Posted 19 August 2009 - 12:59 PM

7 days and a PM, still no reply, no notification of being away... I think this deserves a HUGE bump.

Edited by mariol, 19 August 2009 - 01:04 PM.
