Jump to content

Recommended Posts

So my buddy moved in with me and i was playing games on his computer (this one) and all these pop-ups came up I ran spybot and 2 files will not go away i am attaching the specified logs, any help would be greatly appreciated

Malwarebytes' Anti-Malware 1.24

Database version: 1031

Windows 5.1.2600 Service Pack 2

5:46:19 PM 8/7/2008

mbam-log-8-7-2008 (17-46-14).txt

Scan type: Quick Scan

Objects scanned: 52991

Time elapsed: 12 minute(s), 16 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 26

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 27

Files Infected: 88

Memory Processes Infected:

C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> No action taken.

C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{71493218-e553-4fa8-85e2-e6d18fa75509} (Rogue.SpyMaxx) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{f4f41439-82fc-4681-acb0-7d3798f685c0} (Rogue.SpyMaxx) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{1e33f406-ab8f-4153-a5c8-089aeff5cc87} (Rogue.SpyMaxx) -> No action taken.

HKEY_CLASSES_ROOT\mdreg.clsreg (Rogue.SpyMaxx) -> No action taken.

HKEY_CLASSES_ROOT\bndaero6.band (Adware.SearchAid) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{ddbc293e-52e4-45e8-a684-2c3c96efc069} (Adware.SearchAid) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> No action taken.

HKEY_CLASSES_ROOT\bndaero6.band.1 (Adware.SearchAid) -> No action taken.

HKEY_CLASSES_ROOT\bndaero6.bho (Adware.SearchAid) -> No action taken.

HKEY_CLASSES_ROOT\bndaero6.bho.1 (Adware.SearchAid) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{5c9da244-a571-4fe7-ab8c-ca47703c686b} (Adware.ISM) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{4ebd21a2-8ce0-47dd-8eb6-c902333d582c} (Rogue.SpyAway) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{4698d99d-ca8f-438a-ac82-96495a2de714} (Rogue.SpyAway) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{548e1154-fa99-4b77-9fc5-02c9d8c9d24d} (Rogue.SpyAway) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> No action taken.

HKEY_CLASSES_ROOT\AppID\BndAero6.DLL (Adware.ISM) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\QdrModule (Adware.ISM) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\spyaway (Rogue.SpyAway) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule20 (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack20 (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spyaway (Rogue.SpyAway) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\SpyAway (Rogue.SpyAway) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway (Rogue.SpyAway) -> No action taken.

C:\Program Files\Starware (Adware.Starware) -> No action taken.

C:\Program Files\Starware\bin (Adware.Starware) -> No action taken.

C:\Program Files\Starware\icons (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\images (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate (Adware.Starware) -> No action taken.

C:\Program Files\3721 (Fake.Dropped.Malware) -> No action taken.

C:\Program Files\3721\assist (Fake.Dropped.Malware) -> No action taken.

C:\Program Files\QdrDrive (Adware.AdBand) -> No action taken.

C:\Program Files\ISM (Adware.ISM) -> No action taken.

C:\Program Files\QdrModule (Adware.ISM) -> No action taken.

C:\Program Files\QdrPack (Adware.ISM) -> No action taken.

C:\Program Files\GetPack (Trojan.Agent) -> No action taken.

C:\Program Files\iCheck (Trojan.Agent) -> No action taken.

C:\Program Files\GetModule (Trojan.Agent) -> No action taken.

C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Games (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Movies (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Screensavers (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\SearchMatch (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> No action taken.

Files Infected:

C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> No action taken.

C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> No action taken.

C:\Program Files\SpyAway\clsReg.dll (Rogue.SpyMaxx) -> No action taken.

C:\Program Files\QdrDrive\QdrDrive11.dll (Adware.SearchAid) -> No action taken.

C:\Documents and Settings\GS\Local Settings\Temporary Internet Files\Content.IE5\3JV1GD1K\gettpa120[1].exe (Trojan.Downloader) -> No action taken.

C:\Program Files\SpyAway\config.dat (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\filesbase.bin (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\global_virus_table.bin (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\hosts.dat (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\ignoredomainsbase.bin (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\ignorefilesbase.bin (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\ignoreregsbase.bin (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\regbase.bin (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\sa_ie_monitor.dll (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\spy.dat (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\SpyAway.exe (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\stat.bin (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\uninstall.exe (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\uninstall.log (Rogue.SpyAway) -> No action taken.

C:\Program Files\SpyAway\urlbase.bin (Rogue.SpyAway) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\SpyAway.lnk (Rogue.SpyAway) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\Uninstall SpyAway.lnk (Rogue.SpyAway) -> No action taken.

C:\Program Files\Starware\bin\Starware.dll (Adware.Starware) -> No action taken.

C:\Program Files\Starware\icons\star_16.ico (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\contexts\Related.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> No action taken.

C:\Program Files\3721\assist\asbar.dll (Fake.Dropped.Malware) -> No action taken.

C:\Program Files\QdrDrive\qdrloader.exe (Adware.AdBand) -> No action taken.

C:\Program Files\ISM\ism.exe (Adware.ISM) -> No action taken.

C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> No action taken.

C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> No action taken.

C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> No action taken.

C:\Program Files\QdrModule\pckr.dat (Adware.ISM) -> No action taken.

C:\Program Files\QdrModule\softyadsupdate.exe (Adware.ISM) -> No action taken.

C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> No action taken.

C:\Program Files\QdrPack\dsmupd.exe (Adware.ISM) -> No action taken.

C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> No action taken.

C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> No action taken.

C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> No action taken.

C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> No action taken.

C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> No action taken.

C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> No action taken.

C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> No action taken.

C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> No action taken.

C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> No action taken.

C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\ESHOPEE.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\aconti.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\hotporn.exe (Fake.Dropped.Malware) -> No action taken.

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-08-07 19:57:25

PROTECTIONS: 1

MALWARE: 70

SUSPECTS: 1

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Zone Alarm Security Suite 7.0.408.000 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp15.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak7.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak4.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak11.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp18.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp22.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip

00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{7BED0340-176B-44bc-915E-C21C1DD6F617}

00035722 adware/comet Adware No 0 Yes No HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant

00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D49E9D35-254C-4c6a-9D17-95018D228FF5}

00035722 adware/comet Adware No 0 Yes No c:\program files\starware

00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}

00035722 adware/comet Adware No 0 Yes No c:\documents and settings\gs\application data\starware

00035722 adware/comet Adware No 0 Yes No c:\documents and settings\all users\application data\starware

00040319 adware/activesearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}

00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f}

00047327 adware/adsincontext Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{029E02F0-A0E5-4B19-B958-7BF2DB29FB13}

00048242 adware/404search Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

00120993 adware/deskwizz Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4dfb-9693-23AB7686A456}

00122030 adware/fastvideoplayer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5DD9A64-5C4B-4A48-BE56-97C1A8F85708}

00132710 dialer.xd Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44A1-9F4543D34546}

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@trafficmp[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@atdmt[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@247realmedia[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@tribalfusion[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@mediaplex[1].txt

00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@entrepreneur[1].txt

00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@maxserving[2].txt

00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@belnk[1].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@revenue[1].txt

00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@dist.belnk[2].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www.myaffiliateprogram[1].txt

00167670 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@seeq[1].txt

00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@webpower[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@azjmp[2].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@ad.yieldmanager[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www.burstbeacon[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@www.burstbeacon[1].txt

00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@as1.falkag[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@server.iad.liveperson[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@advertising[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@adrevolver[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ads.pointroll[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@realmedia[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@zedo[2].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@bluestreak[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@adrevolver[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@adultfriendfinder[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@go[1].txt

00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ath.belnk[2].txt

00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www48.seeq[1].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@searchportal.information[2].txt

00206648 adware/activshopper Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@target[2].txt

00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ct.360i[2].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@did-it[2].txt

00218901 adware/adbars Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51641EF3-8A7A-4D84-8659-B0911E947CC8}

00221182 adware/eshopper Adware No 0 Yes No c:\windows\system32\eshopee.exe

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temp\Cookies\gs@atwola[1].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@smartadserver[2].txt

00277997 Adware/Comet Adware No 0 Yes No C:\Program Files\Starware\bin\Starware.dll

00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@adserver.filefront[1].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@www6.addfreestats[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@ads.addynamix[2].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@citi.bridgetrack[1].txt

00520936 Application/ViewPoint HackTools No 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@enhance[2].txt

02903429 Adware/Adband Adware No 0 Yes No C:\Program Files\ISM\ism.exe

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\GS\Cookies\gs@h.starware[1].txt

02912158 Trj/Clicker.AJZ Virus/Trojan Yes 2 Yes No C:\Program Files\RcvSystem\httpdchk.dll

02931619 Application/SpyMaxx HackTools No 0 Yes No C:\Program Files\SpyAway\clsReg.dll

03281395 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\GS\Desktop\Unused Desktop Shortcuts\spyaway_setup.exe

03281395 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\SpyAway\uninstall.exe

03398240 Adware/AntiSpywareMaster Adware No 0 Yes No C:\Documents and Settings\GS\Local Settings\Temporary Internet Files\Content.IE5\G723CE71\data[1].htm

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location C

;===============================================================================

================================================================================

=

===================

No C:\Program Files\QdrDrive\qdrloader.exe C

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description C

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:19:28 PM, on 8/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ENLTV\ENLTV\TVTray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\GetModule\GetModule20.exe

C:\Program Files\GetPack\GetPack20.exe

C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1136712267\ee\AOLServiceHost.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\LaunchPad.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\ScanU3.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...vIynOqimuav9g==

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\ENLTV\ENLTV\TVTray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [spyAway] C:\Program Files\SpyAway\SpyAway.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [GetModule20] "C:\Program Files\GetModule\GetModule20.exe"

O4 - HKCU\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 10870 bytes

mbam_log_8_7_2008__17_46_14_.txt

hijackthis.txt

ActiveScan.txt

mbam_log_8_7_2008__17_46_14_.txt

hijackthis.txt

ActiveScan.txt

Edited by JeanInMontana
Post logs inline
Link to post
Share on other sites

Sorry this took so long to reply just got home from work

Here is the updated log

Malwarebytes' Anti-Malware 1.24

Database version: 1034

Windows 5.1.2600 Service Pack 2

9:58:10 PM 8/8/2008

mbam-log-8-8-2008 (21-58-10).txt

Scan type: Quick Scan

Objects scanned: 52947

Time elapsed: 15 minute(s), 41 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 26

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 27

Files Infected: 88

Memory Processes Infected:

C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{71493218-e553-4fa8-85e2-e6d18fa75509} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f4f41439-82fc-4681-acb0-7d3798f685c0} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e33f406-ab8f-4153-a5c8-089aeff5cc87} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mdreg.clsreg (Rogue.SpyMaxx) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bndaero6.band (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ddbc293e-52e4-45e8-a684-2c3c96efc069} (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{15f56b17-a0f8-4288-a24c-0f913b34d67b} (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bndaero6.band.1 (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bndaero6.bho (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bndaero6.bho.1 (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{5c9da244-a571-4fe7-ab8c-ca47703c686b} (Adware.ISM) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{4ebd21a2-8ce0-47dd-8eb6-c902333d582c} (Rogue.SpyAway) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4698d99d-ca8f-438a-ac82-96495a2de714} (Rogue.SpyAway) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{548e1154-fa99-4b77-9fc5-02c9d8c9d24d} (Rogue.SpyAway) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\BndAero6.DLL (Adware.ISM) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\spyaway (Rogue.SpyAway) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule20 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack20 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spyaway (Rogue.SpyAway) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\SpyAway (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\Starware (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\Starware\bin (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\Starware\icons (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\images (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\3721 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\3721\assist (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.

C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\GetModule\GetModule20.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\GetPack\GetPack20.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\clsReg.dll (Rogue.SpyMaxx) -> Quarantined and deleted successfully.

C:\Program Files\QdrDrive\QdrDrive11.dll (Adware.SearchAid) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Local Settings\Temporary Internet Files\Content.IE5\3JV1GD1K\gettpa120[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\config.dat (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\filesbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\global_virus_table.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\hosts.dat (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\ignoredomainsbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\ignorefilesbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\ignoreregsbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\regbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\sa_ie_monitor.dll (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\spy.dat (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\SpyAway.exe (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\stat.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\uninstall.exe (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\uninstall.log (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\SpyAway\urlbase.bin (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\SpyAway.lnk (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\SpyAway\Uninstall SpyAway.lnk (Rogue.SpyAway) -> Quarantined and deleted successfully.

C:\Program Files\Starware\bin\Starware.dll (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\Starware\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\3721\assist\asbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\QdrDrive\qdrloader.exe (Adware.AdBand) -> Quarantined and deleted successfully.

C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrModule\pckr.dat (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrModule\softyadsupdate.exe (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrPack\dsmupd.exe (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted successfully.

C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\GS\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ESHOPEE.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\aconti.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\hotporn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

mbam_log_8_8_2008__21_58_10_.txt

mbam_log_8_8_2008__21_58_10_.txt

Edited by JeanInMontana
DO NOT ADD LOGS AS AN ATTACHMENT!
Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09:54 PM, on 8/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ENLTV\ENLTV\TVTray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1136712267\ee\AOLServiceHost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Curse\CurseClient.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\ENLTV\ENLTV\TVTray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9980 bytes

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:15:47 PM, on 8/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Curse\CurseClient.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\LaunchPad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Program Files\ENLTV\ENLTV\RemoteService\RS.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8996 bytes

Malwarebytes' Anti-Malware 1.24

Database version: 1042

Windows 5.1.2600 Service Pack 2

5:24:31 PM 8/11/2008

mbam-log-8-11-2008 (17-24-31).txt

Scan type: Quick Scan

Objects scanned: 52928

Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Please upload this file C:\Program Files\RcvSystem\httpdchk.dll to here . This will ensure it gets added to the data base for future removals.

Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">

SDFix.exe and save it to your desktop.

Double click SDFix.exe and choose Install to extract it to its

own folder on the Desktop. Please then reboot your computer in Safe

Mode by doing the following :

* Restart your computer

* After hearing your computer beep once during startup, but before the

Windows icon appears, tap the F8 key continually;

* Instead of Windows loading as normal, the Advanced Options Menu should

appear;

* Select the first option, to run Windows in Safe Mode, then press

Enter.

* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to

start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services or Registry Entries found then prompt

you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts the Fixtool will run again and complete the removal

process then display Finished, press any key to end the script and

load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and

also save into the SDFix folder as Report.txt.

* Finally copy and paste the contents of the results file

Report.txt with a new HijackThis log

Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

Link to post
Share on other sites

The file you asked me to upload i go to that file and its empty so i put the name in and it says the file dosen't exist am i doing something wrong?

SDFix: Version 1.215

Run by GS on Tue 08/12/2008 at 04:52 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-12 16:55:52

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Common Files\\AOL\\1136712267\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1136712267\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"

"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"

"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

I did stumble upon this in AVG fee edition

Resident Shield detection

"Infection" "Object" "Result" "Detection time" "Object Type" "Process"

"Adware Generic2.ZYS" "C:\Program Files\RcvSystem\httpdchk.dll" "Moved to Virus Vault" "8/9/2008, 12:30:35 PM" "file" "C:\Program Files\MySpace\IM\MySpaceIM.exe"

Link to post
Share on other sites

OK, if AVG removed it that is why you can't find it. Can you get a copy from the vault and submit it? Limewire and Utorrent are a dangerous programs to be using and might be why you got infected. P2P programs are not safe and often the files are illegal. I recommend you get rid of them now.

Run HJT again in scan only, put a check next to these items and then click fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll

LaunchU3.exe <======= Have you purposely installed this? From what I find it can be malware if you didn't install it.

Please upload the file C:\WINDOWS\system32\nvsvc32.exe to and post the results in your next reply. We will make sure it is malware this way.

Update MBAM and do a quick scan post that log and a new HJT please.

Link to post
Share on other sites

I tried pulling the file from the vault to upload but it says the file is 0 bytes so i don't think i can

I did install LaunchU3.exe becaus this computer wasn't detecting my flash drive properly

this is from the other file:

MD5: 0c41c4acfe00d826db479c40c1d9edc8

First received: -

Date: 08.13.2008 22:53:50 (CET) [<1D]

Results: 0/36

Permalink: analisis/2ee6254040f208f244fe1c5db1e7cf24

HJT ran and fixed files you said to updated log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:05:33 PM, on 8/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Curse\CurseClient.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\cisvc.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\LaunchPad.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\World of Warcraft\Launcher.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: LaunchU3.exe.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6436 bytes

MBAM:

Malwarebytes' Anti-Malware 1.24

Database version: 1051

Windows 5.1.2600 Service Pack 2

9:01:22 PM 8/13/2008

mbam-log-8-13-2008 (21-01-22).txt

Scan type: Quick Scan

Objects scanned: 52444

Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Your adding new programs, no not do that during the cleaning. Avast and what ever the other one showing is.

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exe

C:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe

Review this article here how to use ComboFix

Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data.

1. Download this file :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe save it to your desktop.

2. Double click combofix.exe. It will be a red icon with a white X on your desktop.

Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.

3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.

Post that log and a HiJack log in your next reply

Note:

Do not mouseclick combofix's window while its running. That may cause it to stall.

Link to post
Share on other sites

Singup Shield and Avast anti-virus are not new programs they are running off my flash drive i was in the middle of backing up files when i did the last scan

ComboFix:

ComboFix 08-08-14.05 - GS 2008-08-15 23:12:55.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1584 [GMT -4:00]

Running from: C:\Documents and Settings\GS\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip

C:\Documents and Settings\GS\Application Data\macromedia\Flash Player\#SharedObjects\CH7K97K8\interclick.com

C:\Documents and Settings\GS\Application Data\macromedia\Flash Player\#SharedObjects\CH7K97K8\interclick.com\ud.sol

C:\Documents and Settings\GS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\GS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\Documents and Settings\GS\Cookies\gs@ads.revsci[1].txt

C:\Documents and Settings\GS\Cookies\gs@adtrgt[2].txt

C:\Documents and Settings\GS\Cookies\gs@contextweb[1].txt

C:\Documents and Settings\GS\Cookies\gs@delb.opt.fimserve[2].txt

C:\Documents and Settings\GS\Cookies\gs@ebaumsworld[1].txt

C:\Documents and Settings\GS\Cookies\gs@hb.razorgator[2].txt

C:\Documents and Settings\GS\Cookies\gs@metrics.adobe[1].txt

C:\Documents and Settings\GS\Cookies\gs@myspace[1].txt

C:\Documents and Settings\GS\Cookies\gs@track.bestbuy[1].txt

C:\Documents and Settings\GS\Cookies\gs@www35.vzw[1].txt

C:\Documents and Settings\GS\Cookies\gs@yahoo[1].txt

C:\Program Files\RcvSystem

.

((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))

.

2008-08-12 22:59 . 2008-08-12 22:59 <DIR> d-------- C:\Program Files\Ventrilo

2008-08-12 22:55 . 2008-08-12 22:55 <DIR> d-------- C:\Documents and Settings\GS\.AMD Power Monitor Settings

2008-08-12 22:54 . 2008-08-12 22:54 <DIR> d-------- C:\Program Files\AMD

2008-08-12 22:54 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys

2008-08-12 22:53 . 2008-08-12 22:53 15 --a------ C:\Program Files\config.dat

2008-08-12 17:19 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-12 16:50 . 2008-08-12 16:50 <DIR> d-------- C:\WINDOWS\ERUNT

2008-08-12 16:47 . 2008-08-12 16:57 <DIR> d-------- C:\SDFix

2008-08-11 20:29 . 2008-08-11 20:29 <DIR> d-------- C:\Documents and Settings\GS\Application Data\Jetico Personal Firewall

2008-08-11 20:24 . 2008-08-11 20:41 <DIR> d-------- C:\Documents and Settings\GS\Application Data\AVS4YOU

2008-08-11 20:24 . 2008-08-11 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2008-08-11 20:23 . 2008-08-12 17:12 <DIR> d-------- C:\Program Files\Common Files\AVSMedia

2008-08-11 20:22 . 2008-08-12 17:12 <DIR> d-------- C:\Program Files\AVS4YOU

2008-08-11 20:22 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-08-11 20:22 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-08-11 20:22 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-08-11 20:22 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-08-11 20:22 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-08-11 20:06 . 2008-08-11 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3

2008-08-11 19:14 . 2008-08-11 19:14 <DIR> d-------- C:\Program Files\Jetico

2008-08-11 17:39 . 2008-08-11 17:39 <DIR> d-------- C:\Documents and Settings\GS\Application Data\Alzex

2008-08-11 17:09 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-09 12:31 . 2008-08-13 20:02 <DIR> d--h----- C:\$AVG8.VAULT$

2008-08-09 12:27 . 2008-08-15 22:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-08-09 12:27 . 2008-08-11 20:03 <DIR> d-------- C:\Documents and Settings\GS\Application Data\AVGTOOLBAR

2008-08-09 12:27 . 2008-08-09 12:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-09 12:27 . 2008-08-09 12:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-09 12:27 . 2008-08-09 12:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-08-09 12:26 . 2008-08-09 12:26 <DIR> d-------- C:\Program Files\AVG

2008-08-09 12:26 . 2008-08-15 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-08-09 00:49 . 2008-08-09 01:36 <DIR> d--hs---- C:\Diskeeper

2008-08-08 23:28 . 2008-08-08 23:28 <DIR> d-------- C:\Program Files\Diskeeper Corporation

2008-08-08 23:28 . 2008-08-08 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2008-08-08 23:11 . 2008-08-08 23:11 <DIR> d-------- C:\Program Files\uTorrent

2008-08-08 23:11 . 2008-08-14 21:59 <DIR> d-------- C:\Documents and Settings\GS\Application Data\uTorrent

2008-08-08 22:11 . 2008-08-08 22:11 <DIR> d-------- C:\Program Files\Curse

2008-08-07 20:43 . 2008-08-07 20:43 <DIR> d-------- C:\WINDOWS\Logs

2008-08-07 17:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-08-07 17:28 . 2008-08-07 17:28 <DIR> d-------- C:\Program Files\Panda Security

2008-08-07 17:26 . 2008-08-07 17:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-07 17:26 . 2008-08-07 17:26 <DIR> d-------- C:\Documents and Settings\GS\Application Data\Malwarebytes

2008-08-07 17:26 . 2008-08-07 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-07 17:26 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-07 17:26 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-07 17:19 . 2008-08-07 17:19 <DIR> d-------- C:\Program Files\Trend Micro

2008-08-07 17:16 . 2008-08-12 22:01 <DIR> d-------- C:\Documents and Settings\GS\Application Data\U3

2008-08-03 21:47 . 2008-08-03 21:48 449 --a------ C:\WINDOWS\wininit.ini

2008-08-03 21:18 . 2008-08-03 21:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-03 21:18 . 2008-08-03 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-03 20:22 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-13 02:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-13 02:53 9,038 ----a-w C:\Program Files\ReadMe.rtf

2008-08-13 02:53 2,228,224 ----a-w C:\Program Files\AMDClock.exe

2008-08-13 02:29 --------- d-----w C:\Program Files\Common Files\Ahead

2008-08-13 02:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-13 02:28 --------- d-----w C:\Program Files\InterActual

2008-08-13 02:28 --------- d-----w C:\Program Files\Google

2008-08-13 02:27 --------- d-----w C:\Program Files\321Studios

2008-08-13 02:26 --------- d-----w C:\Program Files\DivX

2008-08-13 02:26 --------- d-----w C:\Program Files\AIM

2008-08-13 02:26 --------- d-----w C:\Documents and Settings\GS\Application Data\Aim

2008-08-13 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-08-12 21:16 --------- d-----w C:\Program Files\World of Warcraft

2008-08-12 21:15 --------- d-----w C:\Program Files\Viewpoint

2008-08-12 21:15 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-12 21:15 --------- d-----w C:\Documents and Settings\GS\Application Data\Viewpoint

2008-08-12 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-08-12 21:14 --------- d-----w C:\Program Files\MySpace

2008-08-11 21:09 --------- d-----w C:\Program Files\Java

2008-08-09 03:11 --------- d-----w C:\Program Files\BitComet

2008-08-07 21:01 --------- d-----w C:\Program Files\LimeWire

2008-08-07 21:01 --------- d-----w C:\Program Files\Incomplete

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll

2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll

2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll

2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll

2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll

2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll

2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll

2008-05-16 15:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2006-08-23 05:39 752,673 ----a-w C:\Program Files\WEB-WOWEx-E3-downloader.exe

2006-08-23 05:38 745,507 ----a-w C:\Program Files\Flying_Mount_PC_EG-downloader.exe

2006-08-10 02:46 4,621,782 ----a-w C:\Program Files\MKombat-1500-2.1.zip

2006-07-10 00:33 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe

2006-02-07 04:34 10,537,576 ----a-w C:\Program Files\zlsSetup_61_737_000_en.exe

2006-01-18 02:40 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [bU]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-05-19 10:57 1400832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-09 12:26 1232152]

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 22:48 77824 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

"AMD_Display"="" [bU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-12-18 14:25:26 82026]

LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-08-11 20:06:34 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

C:\Program Files\AIM6\aim6.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1136712267\ee\AOLHostManager.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

C:\Program Files\MySpace\IM\MySpaceIM.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-08-07 23:17 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTray]

C:\PROGRA~1\ENLTV\ENLTV\TVTray.exe [bU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\World of Warcraft\\Launcher.exe"=

"C:\\Program Files\\World of Warcraft\\Repair.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"6881:TCP"= 6881:TCP:Blizzard Downloader

"6999:TCP"= 6999:TCP:Blizzard Downloader

"26304:TCP"= 26304:TCP:BitComet 26304 TCP

"26304:UDP"= 26304:UDP:BitComet 26304 UDP

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 22:11]

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-09 12:27]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-09 12:26]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 12:26]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-09 12:27]

R3 Cap7134;713x_3 TV Card Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2005-03-10 12:21]

R3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2005-06-29 04:28]

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\GS\Application Data\Mozilla\Firefox\Profiles\qala1n7b.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-15 23:13:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-15 23:14:10

ComboFix-quarantined-files.txt 2008-08-16 03:14:07

Pre-Run: 46,406,262,784 bytes free

Post-Run: 46,394,646,528 bytes free

213 --- E O F --- 2008-08-13 07:03:17

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:16:48 PM, on 8/15/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: LaunchU3.exe.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134923201123

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5549 bytes

Link to post
Share on other sites

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.

A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free

Also the full protection of MBAM is offered at a very low price.

Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.