ShadowFeonix Posted August 7, 2008 ID:24503 Share Posted August 7, 2008 (edited) So my buddy moved in with me and i was playing games on his computer (this one) and all these pop-ups came up I ran spybot and 2 files will not go away i am attaching the specified logs, any help would be greatly appreciatedMalwarebytes' Anti-Malware 1.24Database version: 1031Windows 5.1.2600 Service Pack 25:46:19 PM 8/7/2008mbam-log-8-7-2008 (17-46-14).txtScan type: Quick ScanObjects scanned: 52991Time elapsed: 12 minute(s), 16 second(s)Memory Processes Infected: 2Memory Modules Infected: 0Registry Keys Infected: 26Registry Values Infected: 5Registry Data Items Infected: 0Folders Infected: 27Files Infected: 88Memory Processes Infected:C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> No action taken.C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> No action taken.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{71493218-e553-4fa8-85e2-e6d18fa75509} (Rogue.SpyMaxx) -> No action taken.HKEY_CLASSES_ROOT\Typelib\{f4f41439-82fc-4681-acb0-7d3798f685c0} (Rogue.SpyMaxx) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{1e33f406-ab8f-4153-a5c8-089aeff5cc87} (Rogue.SpyMaxx) -> No action taken.HKEY_CLASSES_ROOT\mdreg.clsreg (Rogue.SpyMaxx) -> No action taken.HKEY_CLASSES_ROOT\bndaero6.band (Adware.SearchAid) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{ddbc293e-52e4-45e8-a684-2c3c96efc069} (Adware.SearchAid) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> No action taken.HKEY_CLASSES_ROOT\bndaero6.band.1 (Adware.SearchAid) -> No action taken.HKEY_CLASSES_ROOT\bndaero6.bho (Adware.SearchAid) -> No action taken.HKEY_CLASSES_ROOT\bndaero6.bho.1 (Adware.SearchAid) -> No action taken.HKEY_CLASSES_ROOT\AppID\{5c9da244-a571-4fe7-ab8c-ca47703c686b} (Adware.ISM) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{4ebd21a2-8ce0-47dd-8eb6-c902333d582c} (Rogue.SpyAway) -> No action taken.HKEY_CLASSES_ROOT\Interface\{4698d99d-ca8f-438a-ac82-96495a2de714} (Rogue.SpyAway) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{548e1154-fa99-4b77-9fc5-02c9d8c9d24d} (Rogue.SpyAway) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> No action taken.HKEY_CLASSES_ROOT\AppID\BndAero6.DLL (Adware.ISM) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\QdrModule (Adware.ISM) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\spyaway (Rogue.SpyAway) -> No action taken.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule20 (Trojan.Agent) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack20 (Trojan.Agent) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spyaway (Rogue.SpyAway) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> No action taken.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\SpyAway (Rogue.SpyAway) -> No action taken.C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway (Rogue.SpyAway) -> No action taken.C:\Program Files\Starware (Adware.Starware) -> No action taken.C:\Program Files\Starware\bin (Adware.Starware) -> No action taken.C:\Program Files\Starware\icons (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\images (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate (Adware.Starware) -> No action taken.C:\Program Files\3721 (Fake.Dropped.Malware) -> No action taken.C:\Program Files\3721\assist (Fake.Dropped.Malware) -> No action taken.C:\Program Files\QdrDrive (Adware.AdBand) -> No action taken.C:\Program Files\ISM (Adware.ISM) -> No action taken.C:\Program Files\QdrModule (Adware.ISM) -> No action taken.C:\Program Files\QdrPack (Adware.ISM) -> No action taken.C:\Program Files\GetPack (Trojan.Agent) -> No action taken.C:\Program Files\iCheck (Trojan.Agent) -> No action taken.C:\Program Files\GetModule (Trojan.Agent) -> No action taken.C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Games (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Movies (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Screensavers (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\SearchMatch (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> No action taken.Files Infected:C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> No action taken.C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> No action taken.C:\Program Files\SpyAway\clsReg.dll (Rogue.SpyMaxx) -> No action taken.C:\Program Files\QdrDrive\QdrDrive11.dll (Adware.SearchAid) -> No action taken.C:\Documents and Settings\GS\Local Settings\Temporary Internet Files\Content.IE5\3JV1GD1K\gettpa120[1].exe (Trojan.Downloader) -> No action taken.C:\Program Files\SpyAway\config.dat (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\filesbase.bin (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\global_virus_table.bin (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\hosts.dat (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\ignoredomainsbase.bin (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\ignorefilesbase.bin (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\ignoreregsbase.bin (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\regbase.bin (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\sa_ie_monitor.dll (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\spy.dat (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\SpyAway.exe (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\stat.bin (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\uninstall.exe (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\uninstall.log (Rogue.SpyAway) -> No action taken.C:\Program Files\SpyAway\urlbase.bin (Rogue.SpyAway) -> No action taken.C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\SpyAway.lnk (Rogue.SpyAway) -> No action taken.C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\Uninstall SpyAway.lnk (Rogue.SpyAway) -> No action taken.C:\Program Files\Starware\bin\Starware.dll (Adware.Starware) -> No action taken.C:\Program Files\Starware\icons\star_16.ico (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\contexts\Related.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> No action taken.C:\Program Files\3721\assist\asbar.dll (Fake.Dropped.Malware) -> No action taken.C:\Program Files\QdrDrive\qdrloader.exe (Adware.AdBand) -> No action taken.C:\Program Files\ISM\ism.exe (Adware.ISM) -> No action taken.C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> No action taken.C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> No action taken.C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> No action taken.C:\Program Files\QdrModule\pckr.dat (Adware.ISM) -> No action taken.C:\Program Files\QdrModule\softyadsupdate.exe (Adware.ISM) -> No action taken.C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> No action taken.C:\Program Files\QdrPack\dsmupd.exe (Adware.ISM) -> No action taken.C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> No action taken.C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> No action taken.C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> No action taken.C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> No action taken.C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> No action taken.C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> No action taken.C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> No action taken.C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> No action taken.C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> No action taken.C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> No action taken.C:\WINDOWS\system32\ESHOPEE.exe (Fake.Dropped.Malware) -> No action taken.C:\WINDOWS\aconti.exe (Fake.Dropped.Malware) -> No action taken.C:\WINDOWS\hotporn.exe (Fake.Dropped.Malware) -> No action taken.;***********************************************************************************************************************************************************************************ANALYSIS: 2008-08-07 19:57:25PROTECTIONS: 1MALWARE: 70SUSPECTS: 1;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================Zone Alarm Security Suite 7.0.408.000 No No;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp15.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak7.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak4.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak11.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp18.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp22.zip00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{7BED0340-176B-44bc-915E-C21C1DD6F617}00035722 adware/comet Adware No 0 Yes No HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D49E9D35-254C-4c6a-9D17-95018D228FF5}00035722 adware/comet Adware No 0 Yes No c:\program files\starware00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}00035722 adware/comet Adware No 0 Yes No c:\documents and settings\gs\application data\starware00035722 adware/comet Adware No 0 Yes No c:\documents and settings\all users\application data\starware00040319 adware/activesearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12F02779-6D88-4958-8AD3-83C12D86ADC7}00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f}00047327 adware/adsincontext Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{029E02F0-A0E5-4B19-B958-7BF2DB29FB13}00048242 adware/404search Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}00120993 adware/deskwizz Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4dfb-9693-23AB7686A456}00122030 adware/fastvideoplayer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5DD9A64-5C4B-4A48-BE56-97C1A8F85708}00132710 dialer.xd Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44A1-9F4543D34546}00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@trafficmp[2].txt00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@casalemedia[1].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@doubleclick[1].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@atdmt[2].txt00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@247realmedia[1].txt00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@fastclick[1].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@tribalfusion[2].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@tribalfusion[2].txt00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@mediaplex[1].txt00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@entrepreneur[1].txt00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@maxserving[2].txt00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@belnk[1].txt00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@revenue[1].txt00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@dist.belnk[2].txt00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www.myaffiliateprogram[1].txt00167670 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@seeq[1].txt00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@webpower[2].txt00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@azjmp[2].txt00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@perf.overture[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@ad.yieldmanager[2].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@serving-sys[2].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@serving-sys[1].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@bs.serving-sys[1].txt00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www.burstbeacon[2].txt00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@www.burstbeacon[1].txt00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@as1.falkag[2].txt00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@adtech[1].txt00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@server.iad.liveperson[2].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@advertising[1].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@advertising[1].txt00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@adrevolver[1].txt00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@statse.webtrendslive[2].txt00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ads.pointroll[2].txt00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@overture[1].txt00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@realmedia[2].txt00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@realmedia[1].txt00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@questionmarket[1].txt00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@questionmarket[2].txt00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@zedo[2].txt00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@bluestreak[1].txt00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@adrevolver[2].txt00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@adultfriendfinder[1].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@go[1].txt00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ath.belnk[2].txt00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www48.seeq[1].txt00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@searchportal.information[2].txt00206648 adware/activshopper Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@target[2].txt00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ct.360i[2].txt00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@did-it[2].txt00218901 adware/adbars Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51641EF3-8A7A-4D84-8659-B0911E947CC8}00221182 adware/eshopper Adware No 0 Yes No c:\windows\system32\eshopee.exe00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@atwola[1].txt00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@atwola[1].txt00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@smartadserver[2].txt00277997 Adware/Comet Adware No 0 Yes No C:\Program Files\Starware\bin\Starware.dll00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@adserver.filefront[1].txt00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www6.addfreestats[1].txt00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ads.addynamix[2].txt00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@citi.bridgetrack[1].txt00520936 Application/ViewPoint HackTools No 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@enhance[2].txt02903429 Adware/Adband Adware No 0 Yes No C:\Program Files\ISM\ism.exe02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@h.starware[1].txt02912158 Trj/Clicker.AJZ Virus/Trojan Yes 2 Yes No C:\Program Files\RcvSystem\httpdchk.dll02931619 Application/SpyMaxx HackTools No 0 Yes No C:\Program Files\SpyAway\clsReg.dll03281395 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\GS\Desktop\Unused Desktop Shortcuts\spyaway_setup.exe03281395 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\SpyAway\uninstall.exe03398240 Adware/AntiSpywareMaster Adware No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temporary Internet Files\Content.IE5\G723CE71\data[1].htm;===================================================================================================================================================================================SUSPECTSSent Location C;===================================================================================================================================================================================No C:\Program Files\QdrDrive\qdrloader.exe C;===================================================================================================================================================================================VULNERABILITIESId Severity Description C;===================================================================================================================================================================================;===================================================================================================================================================================================Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:19:28 PM, on 8/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SOUNDMAN.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Nero\Nero 7\InCD\InCD.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\ENLTV\ENLTV\TVTray.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\MySpace\IM\MySpaceIM.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\GetModule\GetModule20.exeC:\Program Files\GetPack\GetPack20.exeC:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exeC:\Program Files\Common Files\AOL\1136712267\ee\AOLServiceHost.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\AIM6\aolsoftware.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\ENLTV\ENLTV\RemoteService\RS.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\LaunchPad.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\ScanU3.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...vIynOqimuav9g==R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllR3 - URLSearchHook: (no name) - - (no file)F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dllO2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dllO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\ENLTV\ENLTV\TVTray.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [spyAway] C:\Program Files\SpyAway\SpyAway.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [GetModule20] "C:\Program Files\GetModule\GetModule20.exe"O4 - HKCU\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 10870 bytesmbam_log_8_7_2008__17_46_14_.txthijackthis.txtActiveScan.txtmbam_log_8_7_2008__17_46_14_.txthijackthis.txtActiveScan.txt Edited August 8, 2008 by JeanInMontana Post logs inline Link to post Share on other sites More sharing options...
JeanInMontana Posted August 8, 2008 ID:24550 Share Posted August 8, 2008 You didn't remove anything with MBAM. Update MBAM, do a quick scan, be sure you take action. Copy and paste that log in to your reply and a new HJT log. Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 9, 2008 Author ID:24569 Share Posted August 9, 2008 (edited) Sorry this took so long to reply just got home from work Here is the updated logMalwarebytes' Anti-Malware 1.24Database version: 1034Windows 5.1.2600 Service Pack 29:58:10 PM 8/8/2008mbam-log-8-8-2008 (21-58-10).txtScan type: Quick ScanObjects scanned: 52947Time elapsed: 15 minute(s), 41 second(s)Memory Processes Infected: 2Memory Modules Infected: 0Registry Keys Infected: 26Registry Values Infected: 5Registry Data Items Infected: 0Folders Infected: 27Files Infected: 88Memory Processes Infected:C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> Unloaded process successfully.C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> Unloaded process successfully.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{71493218-e553-4fa8-85e2-e6d18fa75509} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{f4f41439-82fc-4681-acb0-7d3798f685c0} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{1e33f406-ab8f-4153-a5c8-089aeff5cc87} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\mdreg.clsreg (Rogue.SpyMaxx) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\bndaero6.band (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{ddbc293e-52e4-45e8-a684-2c3c96efc069} (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\bndaero6.band.1 (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\bndaero6.bho (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\bndaero6.bho.1 (Adware.SearchAid) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\AppID\{5c9da244-a571-4fe7-ab8c-ca47703c686b} (Adware.ISM) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{4ebd21a2-8ce0-47dd-8eb6-c902333d582c} (Rogue.SpyAway) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{4698d99d-ca8f-438a-ac82-96495a2de714} (Rogue.SpyAway) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{548e1154-fa99-4b77-9fc5-02c9d8c9d24d} (Rogue.SpyAway) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\AppID\BndAero6.DLL (Adware.ISM) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\spyaway (Rogue.SpyAway) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule20 (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack20 (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spyaway (Rogue.SpyAway) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\SpyAway (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\Starware (Adware.Starware) -> Quarantined and deleted successfully.C:\Program Files\Starware\bin (Adware.Starware) -> Quarantined and deleted successfully.C:\Program Files\Starware\icons (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\images (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.C:\Program Files\3721 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.C:\Program Files\3721\assist (Fake.Dropped.Malware) -> Quarantined and deleted successfully.C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.Files Infected:C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\clsReg.dll (Rogue.SpyMaxx) -> Quarantined and deleted successfully.C:\Program Files\QdrDrive\QdrDrive11.dll (Adware.SearchAid) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Local Settings\Temporary Internet Files\Content.IE5\3JV1GD1K\gettpa120[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\config.dat (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\filesbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\global_virus_table.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\hosts.dat (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\ignoredomainsbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\ignorefilesbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\ignoreregsbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\regbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\sa_ie_monitor.dll (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\spy.dat (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\SpyAway.exe (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\stat.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\uninstall.exe (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\uninstall.log (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\SpyAway\urlbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\SpyAway.lnk (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\Uninstall SpyAway.lnk (Rogue.SpyAway) -> Quarantined and deleted successfully.C:\Program Files\Starware\bin\Starware.dll (Adware.Starware) -> Quarantined and deleted successfully.C:\Program Files\Starware\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.C:\Program Files\3721\assist\asbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.C:\Program Files\QdrDrive\qdrloader.exe (Adware.AdBand) -> Quarantined and deleted successfully.C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrModule\pckr.dat (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrModule\softyadsupdate.exe (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrPack\dsmupd.exe (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted successfully.C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ESHOPEE.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.C:\WINDOWS\aconti.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.C:\WINDOWS\hotporn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.mbam_log_8_8_2008__21_58_10_.txtmbam_log_8_8_2008__21_58_10_.txt Edited August 9, 2008 by JeanInMontana DO NOT ADD LOGS AS AN ATTACHMENT! Link to post Share on other sites More sharing options...
JeanInMontana Posted August 9, 2008 ID:24593 Share Posted August 9, 2008 Your not following instructions. Post logs in the reply, not as an attachment and I asked for a new HJT log after you did the removal. Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 9, 2008 Author ID:24597 Share Posted August 9, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:09:54 PM, on 8/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\ENLTV\ENLTV\RemoteService\RS.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\SOUNDMAN.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Nero\Nero 7\InCD\InCD.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\ENLTV\ENLTV\TVTray.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\MySpace\IM\MySpaceIM.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exeC:\Program Files\Common Files\AOL\1136712267\ee\AOLServiceHost.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Curse\CurseClient.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllR3 - URLSearchHook: (no name) - - (no file)F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dllO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\ENLTV\ENLTV\TVTray.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 9980 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted August 9, 2008 ID:24598 Share Posted August 9, 2008 Tea Timer in SBS&D must be shut off until we are done. That is clearly stated in the preHJT post instructions. Turn it off, update MBAM, run a quick scan, post that log and a new HJT log please. Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 11, 2008 Author ID:24709 Share Posted August 11, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:15:47 PM, on 8/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Nero\Nero 7\InCD\InCD.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Curse\CurseClient.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\ENLTV\ENLTV\RemoteService\RS.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\LaunchPad.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllR3 - URLSearchHook: (no name) - - (no file)F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dllO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exeO4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 8996 bytesMalwarebytes' Anti-Malware 1.24Database version: 1042Windows 5.1.2600 Service Pack 25:24:31 PM 8/11/2008mbam-log-8-11-2008 (17-24-31).txtScan type: Quick ScanObjects scanned: 52928Time elapsed: 8 minute(s), 31 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
JeanInMontana Posted August 12, 2008 ID:24736 Share Posted August 12, 2008 Please upload this file C:\Program Files\RcvSystem\httpdchk.dll to here . This will ensure it gets added to the data base for future removals. Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">SDFix.exe and save it to your desktop. Double click SDFix.exe and choose Install to extract it to itsown folder on the Desktop. Please then reboot your computer in SafeMode by doing the following : * Restart your computer * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; * Instead of Windows loading as normal, the Advanced Options Menu should appear; * Select the first option, to run Windows in Safe Mode, then press Enter. * Choose your usual account. * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. * Finally copy and paste the contents of the results file Report.txt with a new HijackThis logReboot your system in Normal Mode. Then post the SDFix log and a new HJT log please. Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 12, 2008 Author ID:24746 Share Posted August 12, 2008 The file you asked me to upload i go to that file and its empty so i put the name in and it says the file dosen't exist am i doing something wrong?SDFix: Version 1.215 Run by GS on Tue 08/12/2008 at 04:52 PMMicrosoft Windows XP [Version 5.1.2600]Running From: C:\SDFixChecking Services :Restoring Default Security ValuesRestoring Default Hosts FileRebootingChecking Files : No Trojan Files FoundRemoving Temp FilesADS Check : Final Check :catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-12 16:55:52Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0Remaining Services :Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe""C:\\Program Files\\Common Files\\AOL\\1136712267\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1136712267\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services""C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader""C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire""C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft""C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility""C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader""C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled: Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 13, 2008 Author ID:24756 Share Posted August 13, 2008 I did stumble upon this in AVG fee edition Resident Shield detection"Infection" "Object" "Result" "Detection time" "Object Type" "Process""Adware Generic2.ZYS" "C:\Program Files\RcvSystem\httpdchk.dll" "Moved to Virus Vault" "8/9/2008, 12:30:35 PM" "file" "C:\Program Files\MySpace\IM\MySpaceIM.exe" Link to post Share on other sites More sharing options...
JeanInMontana Posted August 13, 2008 ID:24787 Share Posted August 13, 2008 OK, if AVG removed it that is why you can't find it. Can you get a copy from the vault and submit it? Limewire and Utorrent are a dangerous programs to be using and might be why you got infected. P2P programs are not safe and often the files are illegal. I recommend you get rid of them now. Run HJT again in scan only, put a check next to these items and then click fix.R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: (no name) - - (no file)O2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dllLaunchU3.exe <======= Have you purposely installed this? From what I find it can be malware if you didn't install it.Please upload the file C:\WINDOWS\system32\nvsvc32.exe to and post the results in your next reply. We will make sure it is malware this way.Update MBAM and do a quick scan post that log and a new HJT please. Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 14, 2008 Author ID:24800 Share Posted August 14, 2008 I tried pulling the file from the vault to upload but it says the file is 0 bytes so i don't think i canI did install LaunchU3.exe becaus this computer wasn't detecting my flash drive properlythis is from the other file:MD5: 0c41c4acfe00d826db479c40c1d9edc8First received: -Date: 08.13.2008 22:53:50 (CET) [<1D]Results: 0/36Permalink: analisis/2ee6254040f208f244fe1c5db1e7cf24HJT ran and fixed files you said to updated log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:05:33 PM, on 8/13/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Curse\CurseClient.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\System32\cisvc.exeC:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\LaunchPad.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\cidaemon.exeC:\Program Files\World of Warcraft\Launcher.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: LaunchU3.exe.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 6436 bytesMBAM:Malwarebytes' Anti-Malware 1.24Database version: 1051Windows 5.1.2600 Service Pack 29:01:22 PM 8/13/2008mbam-log-8-13-2008 (21-01-22).txtScan type: Quick ScanObjects scanned: 52444Time elapsed: 8 minute(s), 23 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
JeanInMontana Posted August 14, 2008 ID:24850 Share Posted August 14, 2008 Your adding new programs, no not do that during the cleaning. Avast and what ever the other one showing is.C:\Documents and Settings\GS\Application Data\U3\0000060501007077\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exeC:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe Review this article here how to use ComboFix Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data.1. Download this file :http://download.bleepingcomputer.com/sUBs/ComboFix.exe save it to your desktop.2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.Post that log and a HiJack log in your next replyNote:Do not mouseclick combofix's window while its running. That may cause it to stall. Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 16, 2008 Author ID:24899 Share Posted August 16, 2008 Singup Shield and Avast anti-virus are not new programs they are running off my flash drive i was in the middle of backing up files when i did the last scanComboFix:ComboFix 08-08-14.05 - GS 2008-08-15 23:12:55.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1584 [GMT -4:00]Running from: C:\Documents and Settings\GS\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zipC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zipC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zipC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zipC:\Documents and Settings\GS\Application Data\macromedia\Flash Player\#SharedObjects\CH7K97K8\interclick.comC:\Documents and Settings\GS\Application Data\macromedia\Flash Player\#SharedObjects\CH7K97K8\interclick.com\ud.solC:\Documents and Settings\GS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.comC:\Documents and Settings\GS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.solC:\Documents and Settings\GS\Cookies\gs@ads.revsci[1].txtC:\Documents and Settings\GS\Cookies\gs@adtrgt[2].txtC:\Documents and Settings\GS\Cookies\gs@contextweb[1].txtC:\Documents and Settings\GS\Cookies\gs@delb.opt.fimserve[2].txtC:\Documents and Settings\GS\Cookies\gs@ebaumsworld[1].txtC:\Documents and Settings\GS\Cookies\gs@hb.razorgator[2].txtC:\Documents and Settings\GS\Cookies\gs@metrics.adobe[1].txtC:\Documents and Settings\GS\Cookies\gs@myspace[1].txtC:\Documents and Settings\GS\Cookies\gs@track.bestbuy[1].txtC:\Documents and Settings\GS\Cookies\gs@www35.vzw[1].txtC:\Documents and Settings\GS\Cookies\gs@yahoo[1].txtC:\Program Files\RcvSystem.((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))).2008-08-12 22:59 . 2008-08-12 22:59 <DIR> d-------- C:\Program Files\Ventrilo2008-08-12 22:55 . 2008-08-12 22:55 <DIR> d-------- C:\Documents and Settings\GS\.AMD Power Monitor Settings2008-08-12 22:54 . 2008-08-12 22:54 <DIR> d-------- C:\Program Files\AMD2008-08-12 22:54 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys2008-08-12 22:53 . 2008-08-12 22:53 15 --a------ C:\Program Files\config.dat2008-08-12 17:19 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll2008-08-12 16:50 . 2008-08-12 16:50 <DIR> d-------- C:\WINDOWS\ERUNT2008-08-12 16:47 . 2008-08-12 16:57 <DIR> d-------- C:\SDFix2008-08-11 20:29 . 2008-08-11 20:29 <DIR> d-------- C:\Documents and Settings\GS\Application Data\Jetico Personal Firewall2008-08-11 20:24 . 2008-08-11 20:41 <DIR> d-------- C:\Documents and Settings\GS\Application Data\AVS4YOU2008-08-11 20:24 . 2008-08-11 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU2008-08-11 20:23 . 2008-08-12 17:12 <DIR> d-------- C:\Program Files\Common Files\AVSMedia2008-08-11 20:22 . 2008-08-12 17:12 <DIR> d-------- C:\Program Files\AVS4YOU2008-08-11 20:22 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll2008-08-11 20:22 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll2008-08-11 20:22 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll2008-08-11 20:22 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll2008-08-11 20:22 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll2008-08-11 20:06 . 2008-08-11 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U32008-08-11 19:14 . 2008-08-11 19:14 <DIR> d-------- C:\Program Files\Jetico2008-08-11 17:39 . 2008-08-11 17:39 <DIR> d-------- C:\Documents and Settings\GS\Application Data\Alzex2008-08-11 17:09 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl2008-08-09 12:31 . 2008-08-13 20:02 <DIR> d--h----- C:\$AVG8.VAULT$2008-08-09 12:27 . 2008-08-15 22:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg2008-08-09 12:27 . 2008-08-11 20:03 <DIR> d-------- C:\Documents and Settings\GS\Application Data\AVGTOOLBAR2008-08-09 12:27 . 2008-08-09 12:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys2008-08-09 12:27 . 2008-08-09 12:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys2008-08-09 12:27 . 2008-08-09 12:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll2008-08-09 12:26 . 2008-08-09 12:26 <DIR> d-------- C:\Program Files\AVG2008-08-09 12:26 . 2008-08-15 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg82008-08-09 00:49 . 2008-08-09 01:36 <DIR> d--hs---- C:\Diskeeper2008-08-08 23:28 . 2008-08-08 23:28 <DIR> d-------- C:\Program Files\Diskeeper Corporation2008-08-08 23:28 . 2008-08-08 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation2008-08-08 23:11 . 2008-08-08 23:11 <DIR> d-------- C:\Program Files\uTorrent2008-08-08 23:11 . 2008-08-14 21:59 <DIR> d-------- C:\Documents and Settings\GS\Application Data\uTorrent2008-08-08 22:11 . 2008-08-08 22:11 <DIR> d-------- C:\Program Files\Curse2008-08-07 20:43 . 2008-08-07 20:43 <DIR> d-------- C:\WINDOWS\Logs2008-08-07 17:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys2008-08-07 17:28 . 2008-08-07 17:28 <DIR> d-------- C:\Program Files\Panda Security2008-08-07 17:26 . 2008-08-07 17:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware2008-08-07 17:26 . 2008-08-07 17:26 <DIR> d-------- C:\Documents and Settings\GS\Application Data\Malwarebytes2008-08-07 17:26 . 2008-08-07 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-08-07 17:26 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys2008-08-07 17:26 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys2008-08-07 17:19 . 2008-08-07 17:19 <DIR> d-------- C:\Program Files\Trend Micro2008-08-07 17:16 . 2008-08-12 22:01 <DIR> d-------- C:\Documents and Settings\GS\Application Data\U32008-08-03 21:47 . 2008-08-03 21:48 449 --a------ C:\WINDOWS\wininit.ini2008-08-03 21:18 . 2008-08-03 21:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy2008-08-03 21:18 . 2008-08-03 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-08-03 20:22 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-08-13 02:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard2008-08-13 02:53 9,038 ----a-w C:\Program Files\ReadMe.rtf2008-08-13 02:53 2,228,224 ----a-w C:\Program Files\AMDClock.exe2008-08-13 02:29 --------- d-----w C:\Program Files\Common Files\Ahead2008-08-13 02:28 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-08-13 02:28 --------- d-----w C:\Program Files\InterActual2008-08-13 02:28 --------- d-----w C:\Program Files\Google2008-08-13 02:27 --------- d-----w C:\Program Files\321Studios2008-08-13 02:26 --------- d-----w C:\Program Files\DivX2008-08-13 02:26 --------- d-----w C:\Program Files\AIM2008-08-13 02:26 --------- d-----w C:\Documents and Settings\GS\Application Data\Aim2008-08-13 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL2008-08-12 21:16 --------- d-----w C:\Program Files\World of Warcraft2008-08-12 21:15 --------- d-----w C:\Program Files\Viewpoint2008-08-12 21:15 --------- d-----w C:\Program Files\Common Files\InstallShield2008-08-12 21:15 --------- d-----w C:\Documents and Settings\GS\Application Data\Viewpoint2008-08-12 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint2008-08-12 21:14 --------- d-----w C:\Program Files\MySpace2008-08-11 21:09 --------- d-----w C:\Program Files\Java2008-08-09 03:11 --------- d-----w C:\Program Files\BitComet2008-08-07 21:01 --------- d-----w C:\Program Files\LimeWire2008-08-07 21:01 --------- d-----w C:\Program Files\Incomplete2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll2008-05-16 15:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE2006-08-23 05:39 752,673 ----a-w C:\Program Files\WEB-WOWEx-E3-downloader.exe2006-08-23 05:38 745,507 ----a-w C:\Program Files\Flying_Mount_PC_EG-downloader.exe2006-08-10 02:46 4,621,782 ----a-w C:\Program Files\MKombat-1500-2.1.zip2006-07-10 00:33 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe2006-02-07 04:34 10,537,576 ----a-w C:\Program Files\zlsSetup_61_737_000_en.exe2006-01-18 02:40 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [bU]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-05-19 10:57 1400832][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-09 12:26 1232152]"SoundMan"="SOUNDMAN.EXE" [2005-05-17 22:48 77824 C:\WINDOWS\SOUNDMAN.EXE]"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]"AMD_Display"="" [bU]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-12-18 14:25:26 82026]LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-08-11 20:06:34 22486][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=avgrsstx.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.xvid"= xvid.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]C:\Program Files\AIM6\aim6.exe [bU][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exe [bU][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]C:\Program Files\MySpace\IM\MySpaceIM.exe [bU][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2006-08-07 23:17 282624 C:\Program Files\QuickTime\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [bU][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTray]C:\PROGRA~1\ENLTV\ENLTV\TVTray.exe [bU][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3724:TCP"= 3724:TCP:Blizzard Downloader"6112:TCP"= 6112:TCP:Blizzard Downloader"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"6881:TCP"= 6881:TCP:Blizzard Downloader"6999:TCP"= 6999:TCP:Blizzard Downloader"26304:TCP"= 26304:TCP:BitComet 26304 TCP"26304:UDP"= 26304:UDP:BitComet 26304 UDPR0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 22:11]R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-09 12:27]R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-09 12:26]R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 12:26]R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-09 12:27]R3 Cap7134;713x_3 TV Card Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2005-03-10 12:21]R3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2005-06-29 04:28]*Newly Created Service* - PROCEXP90..------- Supplementary Scan -------.FireFox -: Profile - C:\Documents and Settings\GS\Application Data\Mozilla\Firefox\Profiles\qala1n7b.default\FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-15 23:13:38Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-08-15 23:14:10ComboFix-quarantined-files.txt 2008-08-16 03:14:07Pre-Run: 46,406,262,784 bytes freePost-Run: 46,394,646,528 bytes free213 --- E O F --- 2008-08-13 07:03:17HJT:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:16:48 PM, on 8/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\System32\cisvc.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\explorer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocxO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: LaunchU3.exe.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 5549 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted August 16, 2008 ID:24923 Share Posted August 16, 2008 When you scan for malware, you do just that. Otherwise you get false reports just as you did. Delete SDfix and ComboFix and their logs etc all files associated with them. I don't see anything malware. How are you running? Link to post Share on other sites More sharing options...
ShadowFeonix Posted August 17, 2008 Author ID:24992 Share Posted August 17, 2008 its deffinatly running smother no more popups or anything like that thanks for all the help i really appreciate it Link to post Share on other sites More sharing options...
JeanInMontana Posted August 18, 2008 ID:25170 Share Posted August 18, 2008 Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsThe windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 20, 2008 ID:25414 Share Posted August 20, 2008 Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you. Link to post Share on other sites More sharing options...
Recommended Posts