
Malware Removal - HijackThis Logs



Reply from locked topic http://www.malwarebytes.org/forums/index.php?showtopic=9304

ComboFix 09-01-24.01 - Paul 2009-01-25 18:01:11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2434 [GMT -7:00]

Running from: c:\documents and settings\Paul\Desktop\Combo-Fix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\IE4 Error Log.txt

c:\windows\system32\mdm.exe

c:\windows\system32\vycJknmp.ini2

.

((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))

.

2009-01-25 17:23 . 2009-01-25 17:23 <DIR> d-------- c:\program files\CCleaner

2009-01-18 18:10 . 2009-01-18 18:10 <DIR> d-------- c:\documents and settings\Guest

2009-01-18 00:22 . 2009-01-18 00:22 <DIR> d-------- c:\program files\Radicomm

2009-01-11 10:04 . 2009-01-11 10:04 <DIR> d-------- c:\program files\PowerISO

2009-01-03 15:59 . 2009-01-03 15:59 <DIR> d-------- c:\program files\NOS

2009-01-03 15:59 . 2009-01-03 15:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

2009-01-03 11:17 . 2009-01-03 11:17 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-01-03 10:57 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-01-03 10:52 . 2009-01-03 10:52 <DIR> d-------- c:\program files\Trend Micro

2009-01-03 10:36 . 2009-01-05 09:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-01-03 10:36 . 2009-01-05 09:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-03 10:33 . 2009-01-03 10:33 <DIR> d-------- c:\program files\Panda Security

2009-01-03 01:58 . 2009-01-03 01:59 <DIR> d-------- c:\program files\iTunes

2009-01-03 01:58 . 2009-01-03 01:58 <DIR> d-------- c:\program files\iPod

2009-01-03 01:58 . 2009-01-03 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-01 10:41 . 2009-01-04 17:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-01 10:41 . 2009-01-01 10:41 <DIR> d-------- c:\documents and settings\Paul\Application Data\Malwarebytes

2009-01-01 10:41 . 2009-01-01 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-01 10:41 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-01 10:41 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-31 21:38 . 2009-01-01 10:02 124 --a------ c:\windows\wininit.ini

2008-12-31 12:21 . 2008-12-31 12:23 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-12-31 12:20 . 2008-12-31 12:23 <DIR> d-------- c:\program files\Spyware Doctor

2008-12-30 10:36 . 2008-12-30 10:36 <DIR> d-------- c:\program files\Lavasoft

2008-12-30 10:36 . 2008-12-30 10:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-12-30 10:20 . 2008-12-30 10:29 <DIR> d-------- c:\program files\NoAdware

2008-12-30 09:56 . 2008-12-30 09:56 1,307,943 ---hs---- c:\windows\system32\bxjlccqa.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-25 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-01-24 23:07 --------- d-----w c:\documents and settings\Paul\Application Data\Azureus

2009-01-24 15:21 --------- d-----w c:\program files\Azureus

2009-01-18 07:51 512 ----a-w C:\backup.bat

2009-01-16 21:12 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-16 21:12 --------- d-----w c:\program files\Ubisoft

2009-01-11 17:43 --------- d-----w c:\program files\NCH Swift Sound

2009-01-11 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound

2009-01-05 16:26 --------- d-----w c:\program files\MySpace

2009-01-05 16:25 --------- d-----w c:\program files\TorqueGameBuilder

2009-01-05 16:24 --------- d-----w c:\program files\Windows Live Safety Center

2009-01-05 16:24 --------- d-----w c:\program files\Cisco Systems

2009-01-05 16:23 --------- d-----w c:\program files\Yahoo!

2009-01-05 16:23 --------- d-----w c:\program files\YAC

2009-01-05 16:23 --------- d-----w c:\program files\Common Files\Real

2009-01-05 16:23 --------- d-----w c:\documents and settings\Paul\Application Data\Yahoo!

2009-01-05 16:23 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!

2009-01-05 16:22 --------- d-----w c:\program files\Sling Media

2009-01-05 16:22 --------- d-----w c:\program files\Microsoft ActiveSync

2009-01-03 18:16 --------- d-----w c:\program files\Common Files\Adobe

2009-01-03 08:59 --------- d-----w c:\program files\Bonjour

2009-01-03 08:58 --------- d-----w c:\program files\Common Files\Apple

2009-01-03 08:57 --------- d-----w c:\program files\QuickTime

2009-01-01 00:32 --------- d-----w c:\program files\Steam

2008-12-30 17:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-17 16:44 --------- dc-h--w c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

2008-12-15 05:04 --------- d-----w c:\program files\Electronic Arts

2008-12-14 19:07 --------- d-----w c:\program files\Java

2008-12-11 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-06 04:20 --------- d-----w c:\program files\LucasArts

2008-11-30 06:49 --------- d-----w c:\program files\OpenAL

2008-11-30 06:49 --------- d-----w c:\program files\Eidos

2008-11-22 04:12 22,328 ----a-w c:\documents and settings\Paul\Application Data\PnkBstrK.sys

2008-08-30 19:55 24 ----a-w c:\documents and settings\Paul\jagex_runescape_preferences.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-06-23 4608]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]

"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

c:\documents and settings\Paul\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-08-23 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=

"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\Battlegrounds.exe"=

"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\WINDOWS\\system32\\vsjitdebugger.exe"=

"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindServiceAE.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=

"c:\\Program Files\\Steam\\steamapps\\commanderbeatle2\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-03 28544]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-04-23 33800]

R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-03-23 30032]

R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]

R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-30 24652]

S0 cvtvwp;cvtvwp;c:\windows\system32\drivers\ahwdc.sys --> c:\windows\system32\drivers\ahwdc.sys [?]

S0 pusoxm;pusoxm;c:\windows\system32\drivers\mfmmzsw.sys --> c:\windows\system32\drivers\mfmmzsw.sys [?]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-03 33752]

S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2008-07-24 141056]

S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2008-06-25 198528]

S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]

\Shell\AutoRun\command - P:\SETUP.EXE /AUTORUN

\Shell\configure\command - P:\SETUP.EXE

\Shell\install\command - P:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74085142-3579-11dd-b602-806d6172696f}]

\Shell\AutoRun\command - d:\.\Bin\ASSETUP.exe

.

Contents of the 'Scheduled Tasks' folder

2009-01-25 c:\windows\Tasks\backup.job

- C:\backup.bat [2009-01-18 00:51]

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

Notify-dimsntfy - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\28i11rob.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&gl=us

FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\28i11rob.default\extensions\{be06941c-ca0b-4038-948f-16dc64c8dd3f}\components\FFAlert.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-25 18:05:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-1202660629-725345543-1003\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:de,a2,c9,a5,ad,0d,9d,fb,bd,ad,94,10,aa,94,aa,a7,c3,a4,36,16,29,

45,df,9e,9b,11,84,b4,6e,d3,14,fd,4e,40,42,66,87,b0,cc,de,d8,9b,9f,e8,06,85,\

"rkeysecu"=hex:b3,6a,60,da,46,a9,01,23,29,01,2e,3d,3c,e9,53,74

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(960)

c:\windows\system32\nvappfilter.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-01-25 18:14:27 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-26 01:14:25

Pre-Run: 46,679,252,992 bytes free

Post-Run: 46,501,380,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

241 --- E O F --- 2008-12-18 10:00:41

DDS (Ver_09-01-19.01) - NTFSx86

Run by Paul at 18:18:34.31 on Sun 01/25/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2401 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Paul\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: NoExplorer - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent

mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

StartupFolder: c:\docume~1\paul\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paul\applic~1\mozilla\firefox\profiles\28i11rob.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&gl=us

FF - component: c:\documents and settings\paul\application data\mozilla\firefox\profiles\28i11rob.default\extensions\{be06941c-ca0b-4038-948f-16dc64c8dd3f}\components\FFAlert.dll

FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-3 28544]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-4-23 33800]

R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]

R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-4-23 472320]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-30 24652]

S0 cvtvwp;cvtvwp;c:\windows\system32\drivers\ahwdc.sys --> c:\windows\system32\drivers\ahwdc.sys [?]

S0 pusoxm;pusoxm;c:\windows\system32\drivers\mfmmzsw.sys --> c:\windows\system32\drivers\mfmmzsw.sys [?]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-3 33752]

S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2008-7-24 141056]

S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2008-6-25 198528]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-01-25 17:53 <DIR> a-dshr-- C:\cmdcons

2009-01-25 17:51 286,720 a------- c:\windows\SWREG.exe

2009-01-25 17:51 98,816 a------- c:\windows\sed.exe

2009-01-25 17:23 <DIR> --d----- c:\program files\CCleaner

2009-01-18 00:22 <DIR> --d----- c:\program files\Radicomm

2009-01-11 10:04 <DIR> --d----- c:\program files\PowerISO

2009-01-03 10:57 28,544 a------- c:\windows\system32\drivers\pavboot.sys

2009-01-03 10:52 <DIR> --d----- c:\program files\Trend Micro

2009-01-03 10:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2009-01-03 10:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-01-03 10:33 <DIR> --d----- c:\program files\Panda Security

2009-01-03 01:58 <DIR> --d----- c:\program files\iPod

2009-01-03 01:58 <DIR> --d----- c:\program files\iTunes

2009-01-03 01:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-01 10:41 <DIR> --d----- c:\docume~1\paul\applic~1\Malwarebytes

2009-01-01 10:41 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-01-01 10:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-01 10:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-01-01 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2008-12-31 21:38 124 a------- c:\windows\wininit.ini

2008-12-31 12:20 <DIR> --d----- c:\program files\Spyware Doctor

2008-12-30 10:36 <DIR> --d----- c:\program files\Lavasoft

2008-12-30 10:20 <DIR> --d----- c:\program files\NoAdware

2008-12-30 09:56 1,307,943 ---sh--- c:\windows\system32\bxjlccqa.tmp

==================== Find3M ====================

2009-01-18 00:51 512 a------- C:\backup.bat

2009-01-03 11:06 410,984 a------- c:\windows\system32\deploytk.dll

2008-12-14 21:59 6,304 a------- c:\windows\system32\ealregsnapshot1.reg

2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe

2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll

2008-11-29 23:49 413,696 a------- c:\windows\system32\wrap_oal.dll

2008-11-29 23:49 110,592 a------- c:\windows\system32\OpenAL32.dll

2008-11-21 21:12 22,328 a------- c:\docume~1\paul\applic~1\PnkBstrK.sys

2008-11-10 00:20 29,480 a------- c:\windows\system32\msxml3a.dll

2008-11-10 00:20 505,128 a------- c:\windows\system32\msvcp71.dll

2008-11-10 00:20 353,576 a------- c:\windows\system32\msvcr71.dll

2008-08-30 12:55 24 a------- c:\documents and settings\paul\jagex_runescape_preferences.dat

============= FINISH: 18:18:41.39 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/8/2008 4:50:51 PM

System Uptime: 1/25/2009 6:04:31 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | StrikerExtreme

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 43.328 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

K: is FIXED (NTFS) - 466 GiB total, 167.156 GiB free.

L: is CDROM ()

M: is Removable

N: is Removable

O: is CDROM ()

Z: is NetworkDisk (NTFS) - 75 GiB total, 5.306 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NVIDIA nForce Networking Controller

Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&1F277EB8&0&00

Manufacturer: NVIDIA

Name: NVIDIA nForce Networking Controller #2

PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&1F277EB8&0&00

Service: NVENETFD

==== System Restore Points ===================

RP192: 1/1/2009 2:12:36 PM - System Checkpoint

RP193: 1/1/2009 2:12:36 PM - System Checkpoint

RP194: 1/1/2009 2:12:36 PM - System Checkpoint

RP195: 1/1/2009 2:12:36 PM - System Checkpoint

RP196: 1/1/2009 2:12:36 PM - System Checkpoint

RP197: 1/1/2009 2:12:36 PM - Installed iTunes

RP198: 1/1/2009 2:12:36 PM - System Checkpoint

RP199: 1/1/2009 2:12:36 PM - System Checkpoint

RP200: 1/1/2009 2:12:36 PM - System Checkpoint

RP201: 1/1/2009 2:12:36 PM - System Checkpoint

RP202: 1/1/2009 2:12:36 PM - System Checkpoint

RP203: 1/1/2009 2:12:37 PM - System Checkpoint

RP204: 1/1/2009 2:12:37 PM - System Checkpoint

RP205: 1/1/2009 2:12:37 PM - System Checkpoint

RP206: 1/1/2009 2:12:37 PM - System Checkpoint

RP207: 1/1/2009 2:12:37 PM - Software Distribution Service 3.0

RP208: 1/1/2009 2:12:37 PM - System Checkpoint

RP209: 1/1/2009 2:12:38 PM - System Checkpoint

RP210: 1/1/2009 2:12:38 PM - System Checkpoint

RP211: 1/1/2009 2:12:38 PM - System Checkpoint

RP212: 1/1/2009 2:12:38 PM - System Checkpoint

RP213: 1/1/2009 2:12:38 PM - System Checkpoint

RP214: 1/1/2009 2:12:39 PM - System Checkpoint

RP215: 1/1/2009 2:12:39 PM - System Checkpoint

RP216: 1/1/2009 2:12:44 PM - Removed Nero 8

RP217: 1/1/2009 2:12:46 PM - Software Distribution Service 3.0

RP218: 1/1/2009 2:12:47 PM - System Checkpoint

RP219: 1/1/2009 2:12:48 PM - System Checkpoint

RP220: 1/1/2009 2:12:48 PM - Installed Far Cry 2

RP221: 1/1/2009 2:12:48 PM - Installed DirectX

RP222: 1/1/2009 2:12:49 PM - System Checkpoint

RP223: 1/1/2009 2:12:49 PM - System Checkpoint

RP224: 1/1/2009 2:12:50 PM - System Checkpoint

RP225: 1/1/2009 2:12:50 PM - System Checkpoint

RP226: 1/1/2009 2:12:50 PM - System Checkpoint

RP227: 1/1/2009 2:12:51 PM - System Checkpoint

RP228: 1/1/2009 2:12:51 PM - System Checkpoint

RP229: 1/1/2009 2:12:52 PM - System Checkpoint

RP230: 1/1/2009 2:12:52 PM - System Checkpoint

RP231: 1/1/2009 2:12:52 PM - System Checkpoint

RP232: 1/1/2009 2:12:52 PM - Installed PowerAlert Local Software.

RP233: 1/1/2009 2:12:52 PM - Removed PowerAlert Local Software.

RP234: 1/1/2009 2:12:53 PM - System Checkpoint

RP235: 1/1/2009 2:12:54 PM - System Checkpoint

RP236: 1/1/2009 2:12:54 PM - Installed PowerDVD

RP237: 1/1/2009 2:12:54 PM - System Checkpoint

RP238: 1/1/2009 2:12:54 PM - System Checkpoint

RP239: 1/1/2009 2:12:54 PM - Software Distribution Service 3.0

RP240: 1/1/2009 2:12:54 PM - System Checkpoint

RP241: 1/1/2009 2:12:54 PM - System Checkpoint

RP242: 1/1/2009 2:12:54 PM - Software Distribution Service 3.0

RP243: 1/1/2009 2:12:54 PM - Installed Red Alert 2

RP244: 1/1/2009 2:12:54 PM - System Checkpoint

RP245: 1/1/2009 2:12:55 PM - System Checkpoint

RP246: 1/1/2009 2:12:55 PM - System Checkpoint

RP247: 1/1/2009 2:12:55 PM - System Checkpoint

RP248: 1/1/2009 2:12:56 PM - System Checkpoint

RP249: 1/1/2009 2:12:56 PM - System Checkpoint

RP250: 1/1/2009 2:12:56 PM - Removed Far Cry 2

RP251: 1/1/2009 2:12:56 PM - Installed Far Cry 2

RP252: 1/1/2009 2:12:56 PM - Installed DirectX

RP253: 1/1/2009 2:12:56 PM - System Checkpoint

RP254: 1/1/2009 2:12:56 PM - System Checkpoint

RP255: 1/1/2009 2:12:56 PM - System Checkpoint

RP256: 1/1/2009 2:12:57 PM - System Checkpoint

RP257: 1/1/2009 2:12:57 PM - System Checkpoint

RP258: 1/1/2009 2:12:57 PM - System Checkpoint

RP259: 1/1/2009 2:12:57 PM - System Checkpoint

RP260: 1/1/2009 2:12:57 PM - Installed Microsoft Games for Windows - LIVE Redistributable

RP261: 1/1/2009 2:12:58 PM - Installed Kane and Lynch: Dead Men.

RP262: 1/1/2009 2:12:58 PM - System Checkpoint

RP263: 1/1/2009 2:12:58 PM - System Checkpoint

RP264: 1/1/2009 2:12:58 PM - System Checkpoint

RP265: 1/1/2009 2:12:58 PM - System Checkpoint

RP266: 1/1/2009 2:12:58 PM - System Checkpoint

RP267: 1/1/2009 2:12:59 PM - Installed Star Wars Galactic Battlegrounds: Clone Campaigns

RP268: 1/1/2009 2:12:59 PM - System Checkpoint

RP269: 1/1/2009 2:12:59 PM - System Checkpoint

RP270: 1/1/2009 2:12:59 PM - System Checkpoint

RP271: 1/1/2009 2:13:00 PM - System Checkpoint

RP272: 1/1/2009 2:13:01 PM - System Checkpoint

RP273: 1/1/2009 2:13:01 PM - Software Distribution Service 3.0

RP274: 1/1/2009 2:13:01 PM - System Checkpoint

RP275: 1/1/2009 2:13:02 PM - System Checkpoint

RP276: 1/1/2009 2:13:02 PM - Installed Java 6 Update 11

RP277: 1/1/2009 2:13:02 PM - Installed EA Download Manager

RP278: 1/1/2009 2:13:02 PM - System Checkpoint

RP279: 1/1/2009 2:13:03 PM - System Checkpoint

RP280: 1/1/2009 2:13:03 PM - System Checkpoint

RP281: 1/1/2009 2:13:03 PM - Software Distribution Service 3.0

RP282: 1/1/2009 2:13:04 PM - System Checkpoint

RP283: 1/1/2009 2:13:04 PM - System Checkpoint

RP284: 1/1/2009 2:13:04 PM - System Checkpoint

RP285: 1/1/2009 2:13:04 PM - System Checkpoint

RP286: 1/1/2009 2:13:04 PM - System Checkpoint

RP287: 1/1/2009 2:13:05 PM - System Checkpoint

RP288: 1/1/2009 2:13:05 PM - System Checkpoint

RP289: 1/1/2009 2:13:05 PM - System Checkpoint

RP290: 1/1/2009 2:13:05 PM - System Checkpoint

RP291: 1/1/2009 2:13:05 PM - System Checkpoint

RP292: 1/1/2009 2:13:05 PM - Last known good configuration

RP293: 1/1/2009 2:13:06 PM - Installed Ad-Aware

RP294: 1/1/2009 2:13:07 PM - System Checkpoint

RP295: 1/1/2009 2:13:07 PM - Installed Antispyware

RP296: 1/1/2009 2:13:17 PM - Last known good configuration

RP297: 1/2/2009 4:52:30 PM - System Checkpoint

RP298: 1/3/2009 11:06:17 AM - Removed Java 6 Update 11

RP299: 1/3/2009 11:06:44 AM - Installed Java 6 Update 11

RP300: 1/3/2009 11:15:36 AM - Removed Adobe Reader 8.1.2

RP301: 1/3/2009 11:16:26 AM - Installed Adobe Reader 9.

RP302: 1/4/2009 11:24:50 AM - System Checkpoint

RP303: 1/5/2009 9:21:04 AM - Removed SlingPlayer Mobile for Windows Smartphone

RP304: 1/5/2009 9:21:42 AM - Configured SlingPlayer

RP305: 1/5/2009 9:25:03 AM - Removed VPN Client

RP306: 1/5/2009 9:26:07 AM - Removed OpenOffice.org Installer 1.0

RP307: 1/5/2009 9:27:39 AM - Removed GameSpy Comrade.

RP308: 1/5/2009 9:29:31 AM - Removed Apple Mobile Device Support

RP309: 1/6/2009 9:50:53 AM - System Checkpoint

RP310: 1/7/2009 10:05:50 AM - System Checkpoint

RP311: 1/8/2009 10:36:17 AM - System Checkpoint

RP312: 1/9/2009 12:33:45 PM - System Checkpoint

RP313: 1/10/2009 12:39:14 PM - System Checkpoint

RP314: 1/11/2009 12:57:56 PM - System Checkpoint

RP315: 1/12/2009 1:39:07 PM - System Checkpoint

RP316: 1/13/2009 2:10:13 PM - System Checkpoint

RP317: 1/14/2009 3:10:13 PM - System Checkpoint

RP318: 1/15/2009 3:10:29 PM - System Checkpoint

RP319: 1/16/2009 12:59:01 PM - Installed Tom Clancy's Ghost Recon Advanced Warfighter


Malwarebytes' Anti-Malware 1.33

Database version: 1698

Windows 5.1.2600 Service Pack 2

1/27/2009 12:07:30 AM

mbam-log-2009-01-27 (00-07-30).txt

Scan type: Quick Scan

Objects scanned: 68270

Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:12:52 AM, on 1/27/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 7068 bytes


  • Root Admin

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. As soon as it's done and the COPY button is available, click on the COPY button.
  • DO NOT click on the SCAN button.
  • This will place the scan in your clipboard. Paste that into Notepad or into your next reply post please.
  • Click OK and quit the GMER program.

How is the computer running now?

Are there still any signs of infection?


GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-01-27 08:31:31

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT spss.sys ZwEnumerateKey [0xBA6C6CA2]

SSDT spss.sys ZwEnumerateValueKey [0xBA6C7030]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8AE4D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 892141F8

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

---- EOF - GMER 1.0.14 ----

The computer seems good now, no signs of infection that I can tell, a whole lot better than before thanks.


  • Root Admin

Well, I'd like to look a bit further into that one driver.

Please restart the computer and run this. You don't need to download a new version; just run this FULL scanner method please.

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done, click on the SAVE button, browse to your Desktop and save the file as GMER.LOG.
  • Zip up the GMER.LOG file, save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.


  • Root Admin

It could be due to either Alcohol 120% or Daemon Tools, both of which try to hide from CD protection algorithms.

Please download, burn, and run this CD if you can and let me know if it finds anything.

Have it check ALL FILES.

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

    Avira AntiVir Rescue System
    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

    Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
    The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.
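As an added example (not part of the thread, and not GMER's or HijackThis' own code), a small Python triage script that parses the GMER SSDT lines and the HijackThis O2/O23 entries posted above and lists what a helper would review first; the sample logs inside it are constructed from entries quoted in the thread, and the flagging rules are this example's assumptions, not a verdict on the machine.

```python
"""Triage helper for the GMER and HijackThis text logs posted in this thread.

Added example, not code from the forum or from GMER/HijackThis. It parses the
log formats shown above and flags what a helper looks at first:
  - SSDT hooks (GMER "SSDT <module> <Zw function> [addr]" lines), grouped by
    hooking module, because a driver hooking ZwEnumerateKey/ZwEnumerateValueKey
    is filtering what registry enumeration returns (as spss.sys does above);
  - HijackThis O2 BHO entries whose DLL is missing ("(no file)");
  - HijackThis O23 services whose vendor is "Unknown owner".
A flag means "review this", not "malicious": the thread itself attributes the
spss.sys hook to CD-emulation software, so a human still checks the module.
"""
import re
from dataclasses import dataclass

# Sample logs constructed from the entries quoted in the thread.
SAMPLE_GMER = r"""GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-27 08:31:31
---- System - GMER 1.0.14 ----
SSDT spss.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spss.sys ZwEnumerateValueKey [0xBA6C7030]
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
---- EOF - GMER 1.0.14 ----
"""

SAMPLE_HJT = r"""O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# GMER system-section hook line: SSDT <module> <ZwFunction> [0xADDRESS]
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]")
# HijackThis entry line: <section code> - <body>, e.g. "O23 - Service: ..."
HJT_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    kind: str    # ssdt_hook | orphan_bho | unknown_service_owner
    detail: str  # the log text that triggered the flag


def parse_gmer_ssdt(text):
    """Return (module, hooked_function, address) for each SSDT hook line."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append((m.group(1).lower(), m.group(2), m.group(3)))
    return hooks


def hooks_by_module(hooks):
    """Group hooked functions per module, so one driver's footprint is visible."""
    by_mod = {}
    for module, func, _addr in hooks:
        by_mod.setdefault(module, []).append(func)
    return by_mod


def parse_hjt(text):
    """Return (section_code, body) for each HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(gmer_text, hjt_text):
    """Combine both logs into an ordered list of items to review."""
    findings = []
    for module, funcs in hooks_by_module(parse_gmer_ssdt(gmer_text)).items():
        findings.append(Finding("ssdt_hook", f"{module} hooks {', '.join(funcs)}"))
    for code, body in parse_hjt(hjt_text):
        if code == "O2" and body.endswith("(no file)"):
            # BHO CLSID still registered but its DLL is gone: leftover to clean up
            findings.append(Finding("orphan_bho", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # Service binary with no vendor string: verify the file on disk
            findings.append(Finding("unknown_service_owner", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_GMER, SAMPLE_HJT):
        print(f"[{f.kind}] {f.detail}")
```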


  • Root Admin

Okay, then I assume it corrected those issues it found.

Please run the following one more time and let me know how the computer is running now and if there are still any signs of an infection.

Update and Scan with Malwarebytes' Anti-Malware

  • Start Malwarebytes' Anti-Malware (Vista users must right-click and choose RunAs Admin).
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware: select the Update tab, then click Update.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer.

AFTER the reboot, run HJT: Do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs, in that order, please.


Seems fine to me.

Malwarebytes' Anti-Malware 1.33

Database version: 1708

Windows 5.1.2600 Service Pack 2

1/30/2009 10:51:16 AM

mbam-log-2009-01-30 (10-51-16).txt

Scan type: Quick Scan

Objects scanned: 68556

Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:52:36 AM, on 1/30/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 7715 bytes


  • Root Admin

Logs look clean to me.

I highly suggest you upgrade IE from version 6 to version 7, as it is more secure. Also update to XP SP3.

Great, all looks good now.

I'll close your post soon so that others don't post into it, and leave you with this information and suggestions.

So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • Check Turn off System Restore.

  • Click Apply, and then click OK.

  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • UN-Check *Turn off System Restore*.

  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster

Download it from here.

Find the tutorial on how to use Spyware Blaster here.

Install WinPatrol

Download it from here.

You can find information about how WinPatrol works here.

Install FireTrust SiteHound

You can find information and download it from here.

Install hpHosts

Download it from here.

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1, which is your own local computer.

Update your antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your PC.

Visit Microsoft often to get the latest updates for your computer.

Note 1: If you are running Windows XP SP2, you should upgrade to SP3.

Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3. The security suite can then be reinstalled afterwards.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic, and this is a must.

I recommend Online Armor Free.

A little outdated but good reading on how to prevent Malware.

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply them to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you; just follow the Pre-HijackThis instructions found here before posting: Pre-HJT Post Instructions

Also don't forget that we offer FREE assistance with general PC questions and repair here: PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

