Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System slow down's XP(Rogue.WinAntiVirus) + plus other Nasty's


  • This topic is locked This topic is locked
19 replies to this topic

#1 Ravenous33

Ravenous33

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 09 August 2009 - 09:49 PM

I could really use some expert hands in dealing with this. My main key that I have something wrong is I have 2-4 Iexplore's running in my task manager at any given time. I need to head into my process manager to shut them all down. Second problem is I have a really decent machine, but am running into major speed bumps were it takes anywhere from 20 seconds for IE8 to load if not longer and well frankly everything is running slow

Dual Core P4 3.4 gig proc (old I know but fine for what I need for now)
2 gigs of Ram
Win Xp Home

mbam Log

Malwarebytes' Anti-Malware 1.40
Database version: 2587
Windows 5.1.2600 Service Pack 3

8/9/2009 6:04:57 PM
mbam-log-2009-08-09 (18-04-57).txt

Scan type: Quick Scan
Objects scanned: 102439
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




HiJack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:33 PM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hoc-clan.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\Dtools2\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [HOTASMode] "C:\Program Files\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BU "/PC:\Program Files\HOTAS\Profiles\Raven.tmc"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230224903687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230224890093
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.5.0_15) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.oasiz.net/chat/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13154 bytes

Edited by Ravenous33, 09 August 2009 - 09:52 PM.


BC AdBot (Login to Remove)

 


#2 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 13 August 2009 - 03:16 PM

Wow, this place is very busy! My apologize for the bump, just hoping I did not slip to many pages back, as I am still looking for help! But noticed this post already had 30 veiws and there were some newer posts that have already got some help.
Thanks again for your time and Great job on this place!

===========

Hello

As you can see, we are EXTREMELY busy. Because of the vast quantity of logs posted, we have devised a means of seeing only those topics with no responses yet. If anyone, other than a person ready to help you, responded to your topic, it would get lost as it would no longer appear in that list. That is why I have made an edit to your last post, instead of a reply.

Our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I would suggest checking your topic for responses once a day.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 13 August 2009 - 03:23 PM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:30 AM

Posted 21 August 2009 - 01:39 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 21 August 2009 - 07:17 AM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ravenous at 7:06:36.26 on Fri 08/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ravenous\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hoc-clan.com/index.php
uWindow Title = Microsoft Internet Explorer presented by Comcast
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" /WinStart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Pro Agent] "c:\program files\dtools2\daemon tools pro\DTProAgent.exe"
uRun: [HOTASMode] "c:\program files\hotas\hotasconfig.exe" /mode /foxy /au /dm /bu "/pc:\program files\hotas\profiles\Raven.tmc"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [ImpulseFastStart] "c:\program files\stardock\impulse\Impulse.exe" /fastload
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRunOnce: [ypagerps] cmd.exe /C del "c:\program files\yahoo!\messenger\ypagerps.dll"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [EasyTuneV] c:\program files\gigabyte\et5\ETcall.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\ravenous\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230224903687
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230224890093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.oasiz.net/chat/controls/msnchat45.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 27784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-8 298776]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\vmlaunch\buddyvm.sys --> c:\program files\vmlaunch\BuddyVM.sys [?]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-8-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2008-6-11 15360]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2008-6-11 36384]
S3 SaiH053c;SaiH053c;c:\windows\system32\drivers\SaiH053c.sys [2004-7-26 56576]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\drivers\STTub203.sys [2008-3-13 40312]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
S4 Microsoft System Management;Microsoft System Management;c:\windows\system32\system.exe --> c:\windows\system32\system.exe [?]

=============== Created Last 30 ================

2009-08-18 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-18 16:47 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-08-18 16:47 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-18 16:47 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-17 23:06 <DIR> --d----- c:\program files\Cryptic Studios
2009-08-11 12:06 645,152 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-11 12:06 9,680 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-11 11:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-11 11:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-11 11:56 <DIR> --d----- c:\docume~1\ravenous\applic~1\SUPERAntiSpyware.com
2009-08-09 16:58 <DIR> --d----- c:\program files\Trend Micro
2009-08-09 16:58 <DIR> --d----- c:\docume~1\ravenous\applic~1\Malwarebytes
2009-08-09 16:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 16:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-09 16:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-28 12:42 <DIR> --dsh--- c:\documents and settings\ravenous\PrivacIE
2009-07-28 11:32 <DIR> --dsh--- c:\documents and settings\ravenous\IETldCache
2009-07-28 11:28 <DIR> --d----- c:\windows\ie8updates
2009-07-28 11:28 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-28 11:25 <DIR> -cd-h--- c:\windows\ie8
2009-07-28 02:03 <DIR> --d----- c:\windows\system32\scripting
2009-07-28 02:03 <DIR> --d----- c:\windows\system32\en
2009-07-28 02:03 <DIR> --d----- c:\windows\l2schemas
2009-07-28 01:31 397,312 -------- c:\windows\system32\mmcex.dll

==================== Find3M ====================

2009-07-28 02:04 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 08:03 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 13:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 13:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 13:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 13:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 13:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 13:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 13:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 13:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-07-01 09:59 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\SET72C.tmp
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-09-30 14:03 22,328 a------- c:\docume~1\ravenous\applic~1\PnkBstrK.sys

============= FINISH: 7:07:22.59 ===============

#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:30 AM

Posted 22 August 2009 - 05:54 PM

Hi,

Please post contents of attach.txt file that got created when you ran DDS.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 22 August 2009 - 06:10 PM

Please Note, I do run smart close before playing games to shut down anything not needed.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2006 11:26:49 AM
System Uptime: 8/18/2009 4:55:02 PM (97 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 965P-S3
Processor: Intel® Pentium® 4 CPU 3.20GHz | Socket 775 | 3215/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 15.49 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 151 GiB total, 77.033 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_E0001458&REV_12\4&19FEE395&0&00E4
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_E0001458&REV_12\4&19FEE395&0&00E4
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


@BIOS Ver.2.03
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
AGEIA PhysX v7.09.13
AOL Instant Messenger
ArmA Queen's Gambit Uninstall
ArmA Uninstall
ArmA2 Demo Uninstall
AutoUpdate
AVG Free 8.5
Azureus
Battlefield 2™
Battlefield 2142
Battlefield 2142 Server
BattlEye Uninstall
CDDRV_Installer
Champions Online
Choice Guard
City of Villains/City of Heroes (remove only)
Creative Audio Control Panel
Creative Console Launcher
Creative Media Toolbox
Creative MediaSource
Creative MediaSource 5
Creative MediaSource DVD-Audio Player
Creative System Information
Creative WaveStudio 7
Critical Update for Windows Media Player 11 (KB959772)
DCS Black Shark
DDS Thumbnail Viewer
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DMIView
Duplicate File Finder 1.1.0.0
EA Download Manager
EasyTune5
Falcon 4.0
FlashFXP v3
Foxy HOTAS Cougar Edition v4.0
Galactic Civilizations II
GCN
Gigabyte Raid Configurer
Google Toolbar for Internet Explorer
Google Video Player
Hamachi 1.0.3.0
HeroStats
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HiTiles
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
ICQ6
IGN Download Manager 2.2.2
Impulse
Installer
Intellex Player
IrfanView (remove only)
Java™ 6 Update 15
K-Lite Codec Pack 2.76 Full
KhalInstallWrapper
Logitech GamePanel Software 2.02
Logitech Gaming Software 5.02
Logitech SetPoint
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Mids' Hero/Villain Designer
mIRC
Mozilla Firefox (2.0.0.20)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Ultra Edition
neroxml
Neverwinter Nights 2
Neverwinter Nights Platinum Edition
nLite 1.4.9.1
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenAL
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
Smart Defrag 1.02
SmartClose 1.1
Sound Blaster X-Fi
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.1
SSF Realism Mod v3.1 For TSS
Stardock Central
Stomp RecordNow MAX
SUPERAntiSpyware Free Edition
SWAT 4
SWAT 4 - The Stetchkov Syndicate
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Thrustmaster Hotas Cougar Drivers
TrackIR4
TurboTax 2008
TurboTax 2008 wiliper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Uplink
Vampire - The Masquerade Bloodlines
VC80CRTRedist - 8.0.50727.762
VCDEasy
Ventrilo Client
VidiotMaps Map Overlay
VLC media player 1.0.0
Volume Panel
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XviD Media Codec 1.1.1
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/21/2009 5:56:10 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 5:00:38 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 5:00:38 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 5:00:38 PM, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 5:00:38 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/18/2009 5:00:28 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 5:00:25 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 4:55:58 PM, error: Service Control Manager [7000] - The BuddyVM service failed to start due to the following error: The system cannot find the path specified.
8/17/2009 12:10:06 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/16/2009 5:26:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/16/2009 5:13:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

==== End Of File ===========================

#7 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:30 AM

Posted 23 August 2009 - 02:04 AM

Hi,

You seem to have p2p file sharing software (Azureus) installed there. Nowadays, big part of infections are received from dubious p2p downloads. To lower infection risk I recommend to uninstall such software.


Get updates 9.1.2 and 9.1.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Spybot - Search & Destroy 1.4 is outdated version and should be replaced with version 1.6.2

Mozilla Firefox (2.0.0.20) is outdated too. Replace it with Firefox 3.5.2 version.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#8 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 23 August 2009 - 02:57 PM

Please Note, I have not rebooted my computer in a few days so everything is still closed from Smart Close

ComboFix 09-08-22.06 - Ravenous 08/23/2009 14:35.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1495 [GMT -5:00]
Running from: c:\documents and settings\Ravenous\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1073b4.msp
c:\windows\Installer\1073b8.msp
c:\windows\Installer\1073bc.msp
c:\windows\Installer\1073c0.msp
c:\windows\Installer\1073c4.msp
c:\windows\Installer\1073c8.msp
c:\windows\Installer\1073cc.msp
c:\windows\Installer\1073d0.msp
c:\windows\Installer\1a3010.msp
c:\windows\Installer\1a3014.msp
c:\windows\Installer\1a3018.msp
c:\windows\Installer\1a301c.msp
c:\windows\Installer\1a3020.msp
c:\windows\Installer\1a3024.msp
c:\windows\Installer\1a3028.msp
c:\windows\Installer\1a302c.msp
c:\windows\Installer\78689f27.msp
c:\windows\Installer\78689fc2.msp
c:\windows\Installer\78689fc7.msp
c:\windows\Installer\78689fcc.msp
c:\windows\Installer\78689fd1.msp
c:\windows\Installer\78689fd5.msp
c:\windows\Installer\78689fda.msp
c:\windows\Installer\78689fdf.msp
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 12:15 . 2009-08-23 12:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-19 22:52 . 2009-08-19 22:52 -------- d-----w- c:\documents and settings\Ravenous\Local Settings\Application Data\Yahoo
2009-08-19 22:51 . 2009-08-19 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-19 22:51 . 2009-08-19 22:51 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\Yahoo!
2009-08-18 21:48 . 2009-08-18 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-18 21:47 . 2009-07-14 18:54 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-18 21:47 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-18 21:47 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-18 04:06 . 2009-08-18 05:54 -------- d-----w- c:\program files\Cryptic Studios
2009-08-11 17:06 . 2009-08-11 17:09 645152 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-11 16:57 . 2009-08-11 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-11 16:56 . 2009-08-11 16:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-11 16:56 . 2009-08-11 16:56 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\SUPERAntiSpyware.com
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\program files\Trend Micro
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\Malwarebytes
2009-08-09 21:58 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-09 21:58 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 17:42 . 2009-07-28 17:42 -------- d-sh--w- c:\documents and settings\Ravenous\PrivacIE
2009-07-28 16:32 . 2009-07-28 16:32 -------- d-sh--w- c:\documents and settings\Ravenous\IETldCache
2009-07-28 16:28 . 2009-07-28 16:28 -------- d-----w- c:\windows\ie8updates
2009-07-28 16:28 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-28 16:25 . 2009-07-28 16:28 -------- dc-h--w- c:\windows\ie8
2009-07-28 16:25 . 2009-07-28 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-28 16:24 . 2009-08-23 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-28 16:24 . 2009-08-23 12:13 -------- d-----w- c:\program files\NOS
2009-07-28 07:03 . 2009-07-28 07:03 -------- d-----w- c:\windows\system32\scripting
2009-07-28 07:03 . 2009-07-28 07:03 -------- d-----w- c:\windows\system32\en
2009-07-28 07:03 . 2009-07-28 07:03 -------- d-----w- c:\windows\l2schemas
2009-07-28 06:31 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 17:13 . 2009-04-30 16:23 -------- d-----w- c:\program files\City of Heroes
2009-08-23 12:17 . 2006-08-21 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 12:16 . 2006-08-21 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-21 21:50 . 2009-07-13 03:13 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\vlc
2009-08-19 22:52 . 2006-08-21 22:58 -------- d-----w- c:\program files\Java
2009-08-19 22:51 . 2007-03-25 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-19 22:51 . 2007-03-25 15:50 -------- d-----w- c:\program files\Yahoo!
2009-08-18 21:58 . 2008-11-01 23:03 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\Hamachi
2009-08-18 21:44 . 2007-07-04 17:27 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-18 04:29 . 2006-08-21 23:00 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\Azureus
2009-08-18 04:21 . 2006-08-21 22:58 -------- d-----w- c:\program files\Azureus
2009-08-18 04:19 . 2006-08-21 17:23 70544 ----a-w- c:\documents and settings\Ravenous\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 17:06 . 2006-08-21 16:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 17:05 . 2008-02-25 13:18 -------- d-----w- c:\program files\WWW File Share Pro
2009-08-17 17:04 . 2008-11-16 17:57 -------- d-----w- c:\program files\Uniblue
2009-08-17 17:03 . 2008-11-16 17:59 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\uniblue
2009-08-17 17:03 . 2008-11-16 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-08-17 17:00 . 2006-08-23 14:02 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\IGN_DLM
2009-08-11 17:09 . 2009-08-11 17:06 9680 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-11 16:56 . 2006-08-21 18:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-04 13:52 . 2006-08-21 23:15 -------- d-----w- c:\program files\Winamp
2009-07-28 16:11 . 2009-04-20 06:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-28 07:04 . 2006-08-21 16:24 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-07-25 10:23 . 2009-01-20 04:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 18:41 . 2007-02-22 14:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-21 18:38 . 2009-07-21 18:38 -------- d-----w- c:\program files\Microsoft
2009-07-21 18:38 . 2007-07-26 22:00 -------- d-----w- c:\program files\Windows Live
2009-07-21 18:37 . 2009-07-21 18:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-21 18:27 . 2009-04-01 04:35 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-21 18:14 . 2008-09-05 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 18:13 . 2007-03-19 21:43 -------- d-----w- c:\program files\MSBuild
2009-07-21 17:55 . 2006-12-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-21 17:55 . 2006-12-01 00:58 -------- d-----w- c:\program files\Viewpoint
2009-07-21 17:42 . 2008-12-08 22:08 -------- d-----w- c:\program files\MYMA Decoder and Viewer
2009-07-21 17:42 . 2006-10-18 00:03 -------- d-----w- c:\program files\FlashFXP
2009-07-19 02:57 . 2009-06-05 13:41 -------- d-----w- c:\program files\HeroStats
2009-07-18 20:17 . 2006-11-20 17:42 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\InstallShield
2009-07-18 13:03 . 2009-01-19 14:14 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 18:54 . 2007-12-05 07:41 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2007-04-19 18:26 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2007-04-19 18:26 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2007-04-19 18:26 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2007-04-19 18:26 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2007-01-28 01:52 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2004-08-04 07:56 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2004-08-04 05:29 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:35 . 2009-07-14 18:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 18:35 . 2009-07-14 18:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 18:35 . 2009-07-14 18:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 18:35 . 2009-07-14 18:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 18:34 . 2009-07-14 18:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 18:34 . 2009-07-14 18:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 18:34 . 2009-07-14 18:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 18:34 . 2009-07-14 18:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 18:34 . 2009-07-14 18:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 18:34 . 2009-07-14 18:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 18:34 . 2009-07-14 18:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 18:34 . 2009-07-14 18:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 18:34 . 2009-07-14 18:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-10 12:01 . 2007-01-28 01:18 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-06 01:36 . 2009-07-06 01:36 -------- d-----w- c:\program files\Bohemia Interactive
2009-07-05 04:24 . 2009-07-05 03:47 -------- d-----w- c:\program files\nLite
2009-07-05 03:57 . 2009-07-05 03:57 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-07-05 03:57 . 2009-07-05 03:57 -------- d-----w- c:\docume~1\Ravenous\APPLIC~1\Intel
2009-07-01 14:59 . 2009-02-08 15:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 14:59 . 2009-01-19 14:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2009-06-03 19:27 1290752 ----a-w- c:\windows\system32\SET72C.tmp
2009-06-03 19:09 . 2001-08-18 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-08-21 190024]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"DAEMON Tools Pro Agent"="c:\program files\Dtools2\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"HOTASMode"="c:\program files\HOTAS\HOTASConfig.exe" [2004-07-14 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2009-05-15 1103216]
"ImpulseFastStart"="c:\program files\Stardock\Impulse\Impulse.exe" [2008-11-18 1766768]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-04-26 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall Adobe Download Manager"="c:\program files\NOS\bin\getPlus_Helper.dll" [2009-08-07 45816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856]

c:\documents and settings\Ravenous\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-1 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-7-15 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 14:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"OfficeSIP Server"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Atari\\ArmA\\arma.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2 Demo\\ArmA2Demo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/19/2009 9:14 AM 335752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/8/2009 10:21 AM 298776]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys --> c:\program files\VMLaunch\BuddyVM.sys [?]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8/21/2008 11:55 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/18/2001 7:00 AM 14336]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [6/11/2008 2:20 PM 15360]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [6/11/2008 2:31 PM 36384]
S3 SaiH053c;SaiH053c;c:\windows\system32\drivers\SaiH053c.sys [7/26/2004 12:54 PM 56576]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\drivers\STTub203.sys [3/13/2008 11:01 PM 40312]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:19 PM 50048]
S4 Microsoft System Management;Microsoft System Management;c:\windows\system32\system.exe --> c:\windows\system32\system.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GETPLUSHELPER
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - SR
*NewlyCreated* - YAHOOAUSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{40DAD1B9-DDCF-4A31-A5D3-A03BC8881370} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hoc-clan.com/index.php
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95}
FF - ProfilePath - c:\docume~1\Ravenous\APPLIC~1\Mozilla\Firefox\Profiles\9x6fkdc8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hoc-clan.com/index.php
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 14:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HOTASMode = "c:\program files\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BU "/Pc:\program files\HOTAS\Profiles\Raven.tmc"?~????????B??D????2&C~B??Dk????DE~??p??????????????????????????????1??????????????/??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-926492609-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,ee,7c,e1,e0,af,3a,ec,b0,48,8d,85,49,fc,30,17,d7,63,93,b4,bc,54,3f,
38,fa,9b,7c,68,48,5d,27,58,db,82,cd,f1,4b,0d,6f,43,b6,83,f6,de,eb,6c,8f,b6,\
"??"=hex:38,75,d6,96,1b,f0,33,56,98,85,93,1b,de,32,4b,f4

[HKEY_USERS\S-1-5-21-436374069-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:1d,b7,08,1f,12,37,a1,de,ab,be,26,50,cf,26,da,80,bb,69,93,95,15,
54,c7,47,bc,c6,a3,ad,db,89,1f,5e,02,ba,5a,96,93,6b,2e,e5,e0,74,94,7d,f9,c5,\
"rkeysecu"=hex:87,f8,96,99,e6,2e,3c,0e,92,49,cc,fb,38,53,f9,d6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
Completion time: 2009-08-23 14:42
ComboFix-quarantined-files.txt 2009-08-23 19:41

Pre-Run: 16,413,671,424 bytes free
Post-Run: 17,113,874,432 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
399

----------------

#9 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 23 August 2009 - 03:05 PM

Please Note, I had forgot I left the forums open before running this scan here (yes I had disconected from the net). It lists 3 iexplorer's as being open



DDS (Ver_09-07-30.01) - NTFSx86
Run by Ravenous at 14:54:06.15 on Sun 08/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1380 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Ravenous\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hoc-clan.com/index.php
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" /WinStart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Pro Agent] "c:\program files\dtools2\daemon tools pro\DTProAgent.exe"
uRun: [HOTASMode] "c:\program files\hotas\hotasconfig.exe" /mode /foxy /au /dm /bu "/pc:\program files\hotas\profiles\Raven.tmc"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [ImpulseFastStart] "c:\program files\stardock\impulse\Impulse.exe" /fastload
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [EasyTuneV] c:\program files\gigabyte\et5\ETcall.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /Get1noarp
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\ravenous\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230224903687
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230224890093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.oasiz.net/chat/controls/msnchat45.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ravenous\applic~1\mozilla\firefox\profiles\9x6fkdc8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hoc-clan.com/index.php
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 27784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-8 298776]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\vmlaunch\buddyvm.sys --> c:\program files\vmlaunch\BuddyVM.sys [?]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-8-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2001-8-18 14336]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2008-6-11 15360]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2008-6-11 36384]
S3 SaiH053c;SaiH053c;c:\windows\system32\drivers\SaiH053c.sys [2004-7-26 56576]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\drivers\STTub203.sys [2008-3-13 40312]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
S4 Microsoft System Management;Microsoft System Management;c:\windows\system32\system.exe --> c:\windows\system32\system.exe [?]

=============== Created Last 30 ================

2009-08-23 14:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-23 14:31 <DIR> a-dshr-- C:\cmdcons
2009-08-23 14:30 229,376 a------- c:\windows\PEV.exe
2009-08-23 14:30 161,792 a------- c:\windows\SWREG.exe
2009-08-23 14:30 98,816 a------- c:\windows\sed.exe
2009-08-23 14:30 <DIR> --ds---- C:\ComboFix
2009-08-18 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-18 16:47 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-08-18 16:47 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-18 16:47 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-17 23:06 <DIR> --d----- c:\program files\Cryptic Studios
2009-08-11 12:06 645,152 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-11 12:06 9,680 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-11 11:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-11 11:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-11 11:56 <DIR> --d----- c:\docume~1\ravenous\applic~1\SUPERAntiSpyware.com
2009-08-09 16:58 <DIR> --d----- c:\program files\Trend Micro
2009-08-09 16:58 <DIR> --d----- c:\docume~1\ravenous\applic~1\Malwarebytes
2009-08-09 16:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 16:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-09 16:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-28 12:42 <DIR> --dsh--- c:\documents and settings\ravenous\PrivacIE
2009-07-28 11:32 <DIR> --dsh--- c:\documents and settings\ravenous\IETldCache
2009-07-28 11:28 <DIR> --d----- c:\windows\ie8updates
2009-07-28 11:28 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-28 11:25 <DIR> -cd-h--- c:\windows\ie8
2009-07-28 02:03 <DIR> --d----- c:\windows\system32\scripting
2009-07-28 02:03 <DIR> --d----- c:\windows\system32\en
2009-07-28 02:03 <DIR> --d----- c:\windows\l2schemas
2009-07-28 01:31 397,312 -------- c:\windows\system32\mmcex.dll

==================== Find3M ====================

2009-07-28 02:04 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 08:03 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 13:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 13:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 13:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 13:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 13:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 13:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 13:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 13:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-07-01 09:59 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\SET72C.tmp
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-09-30 14:03 22,328 a------- c:\docume~1\ravenous\applic~1\PnkBstrK.sys

============= FINISH: 14:54:27.98 ===============

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:30 AM

Posted 24 August 2009 - 01:14 AM

Hi,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
    and OK any prompts.
  • Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

Driver::
"Microsoft System Management"
File::
c:\windows\system32\system.exe
FixCSet::
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Get updates 9.1.2 and 9.1.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Download ATF (Atribune Temp File) Cleanerę by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read the requirements and privacy statement then click on the Accept button.
  • The program will launch and start to download the latest definition files.
  • You will be prompted to install an application from Kaspersky. Click Run
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • Click on Save Report As....
  • Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Save this report to a convenient place.
  • Copy and paste that information & fresh dds.txt log into your topic. How's the system running?
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 24 August 2009 - 07:55 AM

Here is the log, completing the other steps now

ComboFix 09-08-23.01 - Ravenous 08/24/2009 7:24.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1427 [GMT -5:00]
Running from: c:\documents and settings\Ravenous\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravenous\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\system.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MICROSOFT_SYSTEM_MANAGEMENT
-------\Service_Microsoft System Management


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-23 12:15 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Ravenous\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-23 12:15 . 2009-08-23 12:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-23 12:14 . 2009-08-23 12:14 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-19 22:52 . 2009-08-19 22:52 -------- d-----w- c:\documents and settings\Ravenous\Local Settings\Application Data\Yahoo
2009-08-19 22:51 . 2009-08-19 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-19 22:51 . 2009-08-19 22:51 -------- d-----w- c:\documents and settings\Ravenous\Application Data\Yahoo!
2009-08-19 22:49 . 2009-05-27 00:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-08-19 22:02 . 2009-08-19 22:02 152576 ----a-w- c:\documents and settings\Ravenous\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-18 21:48 . 2009-08-18 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-18 21:47 . 2009-07-14 18:54 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-18 21:47 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-18 21:47 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-18 04:06 . 2009-08-18 05:54 -------- d-----w- c:\program files\Cryptic Studios
2009-08-11 17:06 . 2009-08-11 17:09 645152 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-11 16:57 . 2009-08-24 12:36 117760 ----a-w- c:\documents and settings\Ravenous\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-11 16:57 . 2009-08-11 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-11 16:56 . 2009-08-11 16:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-11 16:56 . 2009-08-11 16:56 -------- d-----w- c:\documents and settings\Ravenous\Application Data\SUPERAntiSpyware.com
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\program files\Trend Micro
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\documents and settings\Ravenous\Application Data\Malwarebytes
2009-08-09 21:58 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 21:58 . 2009-08-09 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-09 21:58 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 17:42 . 2009-07-28 17:42 -------- d-sh--w- c:\documents and settings\Ravenous\PrivacIE
2009-07-28 16:32 . 2009-07-28 16:32 -------- d-sh--w- c:\documents and settings\Ravenous\IETldCache
2009-07-28 16:28 . 2009-07-28 16:28 -------- d-----w- c:\windows\ie8updates
2009-07-28 16:28 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-28 16:25 . 2009-07-28 16:28 -------- dc-h--w- c:\windows\ie8
2009-07-28 16:25 . 2009-07-28 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-28 16:25 . 2009-07-28 16:25 152576 ----a-w- c:\documents and settings\Ravenous\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-28 16:24 . 2009-08-23 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-28 16:24 . 2009-08-23 12:13 -------- d-----w- c:\program files\NOS
2009-07-28 07:03 . 2009-07-28 07:03 -------- d-----w- c:\windows\system32\scripting
2009-07-28 07:03 . 2009-07-28 07:03 -------- d-----w- c:\windows\system32\en
2009-07-28 07:03 . 2009-07-28 07:03 -------- d-----w- c:\windows\l2schemas
2009-07-28 06:31 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 12:34 . 2006-08-21 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-24 12:20 . 2006-08-21 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 00:23 . 2009-04-30 16:23 -------- d-----w- c:\program files\City of Heroes
2009-08-21 21:50 . 2009-07-13 03:13 -------- d-----w- c:\documents and settings\Ravenous\Application Data\vlc
2009-08-19 22:52 . 2006-08-21 22:58 -------- d-----w- c:\program files\Java
2009-08-19 22:51 . 2007-03-25 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-19 22:51 . 2007-03-25 15:50 -------- d-----w- c:\program files\Yahoo!
2009-08-18 21:58 . 2008-11-01 23:03 -------- d-----w- c:\documents and settings\Ravenous\Application Data\Hamachi
2009-08-18 21:44 . 2007-07-04 17:27 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-18 04:29 . 2006-08-21 23:00 -------- d-----w- c:\documents and settings\Ravenous\Application Data\Azureus
2009-08-18 04:21 . 2006-08-21 22:58 -------- d-----w- c:\program files\Azureus
2009-08-18 04:19 . 2006-08-21 17:23 70544 ----a-w- c:\documents and settings\Ravenous\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 17:06 . 2006-08-21 16:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 17:05 . 2008-02-25 13:18 -------- d-----w- c:\program files\WWW File Share Pro
2009-08-17 17:04 . 2008-11-16 17:57 -------- d-----w- c:\program files\Uniblue
2009-08-17 17:03 . 2008-11-16 17:59 -------- d-----w- c:\documents and settings\Ravenous\Application Data\uniblue
2009-08-17 17:03 . 2008-11-16 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-08-17 17:00 . 2006-08-23 14:02 -------- d-----w- c:\documents and settings\Ravenous\Application Data\IGN_DLM
2009-08-11 17:09 . 2009-08-11 17:06 9680 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-11 16:56 . 2006-08-21 18:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-04 13:52 . 2006-08-21 23:15 -------- d-----w- c:\program files\Winamp
2009-07-28 16:11 . 2009-04-20 06:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-28 07:04 . 2006-08-21 16:24 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-07-25 10:23 . 2009-01-20 04:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 18:41 . 2007-02-22 14:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-21 18:38 . 2009-07-21 18:38 -------- d-----w- c:\program files\Microsoft
2009-07-21 18:38 . 2007-07-26 22:00 -------- d-----w- c:\program files\Windows Live
2009-07-21 18:37 . 2009-07-21 18:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-21 18:27 . 2009-04-01 04:35 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-21 18:14 . 2008-09-05 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 18:13 . 2007-03-19 21:43 -------- d-----w- c:\program files\MSBuild
2009-07-21 17:55 . 2006-12-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-21 17:55 . 2006-12-01 00:58 -------- d-----w- c:\program files\Viewpoint
2009-07-21 17:42 . 2008-12-08 22:08 -------- d-----w- c:\program files\MYMA Decoder and Viewer
2009-07-21 17:42 . 2006-10-18 00:03 -------- d-----w- c:\program files\FlashFXP
2009-07-19 02:57 . 2009-06-05 13:41 -------- d-----w- c:\program files\HeroStats
2009-07-18 20:17 . 2006-11-20 17:42 -------- d-----w- c:\documents and settings\Ravenous\Application Data\InstallShield
2009-07-18 13:03 . 2009-01-19 14:14 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 18:54 . 2007-12-05 07:41 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2007-04-19 18:26 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2007-04-19 18:26 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2007-04-19 18:26 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2007-04-19 18:26 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2007-01-28 01:52 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2004-08-04 07:56 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2004-08-04 05:29 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:35 . 2009-07-14 18:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 18:35 . 2009-07-14 18:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 18:35 . 2009-07-14 18:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 18:35 . 2009-07-14 18:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 18:34 . 2009-07-14 18:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 18:34 . 2009-07-14 18:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 18:34 . 2009-07-14 18:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 18:34 . 2009-07-14 18:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 18:34 . 2009-07-14 18:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 18:34 . 2009-07-14 18:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 18:34 . 2009-07-14 18:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 18:34 . 2009-07-14 18:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 18:34 . 2009-07-14 18:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-10 12:01 . 2007-01-28 01:18 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-06 01:36 . 2009-07-06 01:36 -------- d-----w- c:\program files\Bohemia Interactive
2009-07-05 04:24 . 2009-07-05 03:47 -------- d-----w- c:\program files\nLite
2009-07-05 03:57 . 2009-07-05 03:57 -------- d-----w- c:\documents and settings\Ravenous\Application Data\Intel
2009-07-05 03:57 . 2009-07-05 03:57 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-07-01 14:59 . 2009-02-08 15:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 14:59 . 2009-01-19 14:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2009-06-03 19:27 1290752 ----a-w- c:\windows\system32\SET72C.tmp
2009-06-03 19:09 . 2001-08-18 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-23_19.39.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 12:36 . 2009-08-24 12:36 16384 c:\windows\temp\Perflib_Perfdata_820.dat
+ 2009-08-24 12:34 . 2009-08-24 12:34 16384 c:\windows\temp\Perflib_Perfdata_13c.dat
+ 2009-02-27 17:39 . 2009-02-27 17:39 1302760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JSByteCodeWin.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-08-21 190024]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"DAEMON Tools Pro Agent"="c:\program files\Dtools2\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"HOTASMode"="c:\program files\HOTAS\HOTASConfig.exe" [2004-07-14 495616]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2009-05-15 1103216]
"ImpulseFastStart"="c:\program files\Stardock\Impulse\Impulse.exe" [2008-11-18 1766768]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-04-26 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856]

c:\documents and settings\Ravenous\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-1 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-7-15 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 14:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"OfficeSIP Server"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Atari\\ArmA\\arma.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2 Demo\\ArmA2Demo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/19/2009 9:14 AM 335752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/8/2009 10:21 AM 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys --> c:\program files\VMLaunch\BuddyVM.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8/21/2008 11:55 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [6/11/2008 2:20 PM 15360]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [6/11/2008 2:31 PM 36384]
S3 SaiH053c;SaiH053c;c:\windows\system32\drivers\SaiH053c.sys [7/26/2004 12:54 PM 56576]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\drivers\STTub203.sys [3/13/2008 11:01 PM 40312]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:19 PM 50048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hoc-clan.com/index.php
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95}
FF - ProfilePath - c:\documents and settings\Ravenous\Application Data\Mozilla\Firefox\Profiles\9x6fkdc8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hoc-clan.com/index.php
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 07:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-926492609-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,ee,7c,e1,e0,af,3a,ec,b0,48,8d,85,49,fc,30,17,d7,63,93,b4,bc,54,3f,
38,fa,9b,7c,68,48,5d,27,58,db,82,cd,f1,4b,0d,6f,43,b6,83,f6,de,eb,6c,8f,b6,\
"??"=hex:38,75,d6,96,1b,f0,33,56,98,85,93,1b,de,32,4b,f4

[HKEY_USERS\S-1-5-21-436374069-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:1d,b7,08,1f,12,37,a1,de,ab,be,26,50,cf,26,da,80,bb,69,93,95,15,
54,c7,47,bc,c6,a3,ad,db,89,1f,5e,02,ba,5a,96,93,6b,2e,e5,e0,74,94,7d,f9,c5,\
"rkeysecu"=hex:87,f8,96,99,e6,2e,3c,0e,92,49,cc,fb,38,53,f9,d6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(388)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-08-24 7:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 12:42
ComboFix2.txt 2009-08-23 19:42

Pre-Run: 17,211,674,624 bytes free
Post-Run: 17,034,530,816 bytes free

390

#12 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 24 August 2009 - 12:31 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 24, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 24, 2009 14:49:11
Records in database: 2683725
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 242398
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:40:02

#13 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 24 August 2009 - 12:33 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ravenous at 12:23:37.79 on Mon 08/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1430 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Ravenous\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hoc-clan.com/index.php
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" /WinStart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Pro Agent] "c:\program files\dtools2\daemon tools pro\DTProAgent.exe"
uRun: [HOTASMode] "c:\program files\hotas\hotasconfig.exe" /mode /foxy /au /dm /bu "/pc:\program files\hotas\profiles\Raven.tmc"
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [ImpulseFastStart] "c:\program files\stardock\impulse\Impulse.exe" /fastload
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [EasyTuneV] c:\program files\gigabyte\et5\ETcall.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\ravenous\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230224903687
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230224890093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.oasiz.net/chat/controls/msnchat45.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ravenous\applic~1\mozilla\firefox\profiles\9x6fkdc8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hoc-clan.com/index.php
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 27784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-8 298776]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\vmlaunch\buddyvm.sys --> c:\program files\vmlaunch\BuddyVM.sys [?]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-8-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2008-6-11 15360]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2008-6-11 36384]
S3 SaiH053c;SaiH053c;c:\windows\system32\drivers\SaiH053c.sys [2004-7-26 56576]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\drivers\STTub203.sys [2008-3-13 40312]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]

=============== Created Last 30 ================

2009-08-24 07:47 754 a------- c:\windows\WORDPAD.INI
2009-08-24 07:23 <DIR> --ds---- C:\ComboFix
2009-08-23 14:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-23 14:31 <DIR> a-dshr-- C:\cmdcons
2009-08-23 14:30 229,376 a------- c:\windows\PEV.exe
2009-08-23 14:30 161,792 a------- c:\windows\SWREG.exe
2009-08-23 14:30 98,816 a------- c:\windows\sed.exe
2009-08-18 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-18 16:47 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-08-18 16:47 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-18 16:47 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-17 23:06 <DIR> --d----- c:\program files\Cryptic Studios
2009-08-11 12:06 645,152 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-11 12:06 9,680 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-11 11:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-11 11:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-11 11:56 <DIR> --d----- c:\docume~1\ravenous\applic~1\SUPERAntiSpyware.com
2009-08-09 16:58 <DIR> --d----- c:\program files\Trend Micro
2009-08-09 16:58 <DIR> --d----- c:\docume~1\ravenous\applic~1\Malwarebytes
2009-08-09 16:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 16:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-09 16:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-28 12:42 <DIR> --dsh--- c:\documents and settings\ravenous\PrivacIE
2009-07-28 11:32 <DIR> --dsh--- c:\documents and settings\ravenous\IETldCache
2009-07-28 11:28 <DIR> --d----- c:\windows\ie8updates
2009-07-28 11:28 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-28 11:25 <DIR> -cd-h--- c:\windows\ie8
2009-07-28 02:03 <DIR> --d----- c:\windows\system32\scripting
2009-07-28 02:03 <DIR> --d----- c:\windows\system32\en
2009-07-28 02:03 <DIR> --d----- c:\windows\l2schemas
2009-07-28 01:31 397,312 -------- c:\windows\system32\mmcex.dll

==================== Find3M ====================

2009-07-28 02:04 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 08:03 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 13:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 13:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 13:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 13:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 13:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 13:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 13:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 13:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-07-01 09:59 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\SET72C.tmp
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-09-30 14:03 22,328 a------- c:\docume~1\ravenous\applic~1\PnkBstrK.sys

============= FINISH: 12:24:16.96 ===============

#14 Ravenous33

Ravenous33
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 24 August 2009 - 12:45 PM

Should I be worried about these?

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\vmlaunch\buddyvm.sys --> c:\program files\vmlaunch\BuddyVM.sys [?]

Things are running are running smoother then before

#15 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:30 AM

Posted 24 August 2009 - 01:19 PM

Should I be worried about these?...

No need to worry about those three :)


Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /u in the runbox and click OK

Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button (at the lower left hand corner of your screen)
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!). Both providers have support forums that help with configuration related questions.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :thumbup2:

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users