#581
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
@StrongWall:
Fix this entry in HijackThis:
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/xx/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg
Also, I don't think that will fix your problem. Run ComboFix and post the log file.
#582
Newbie
Re: Cannot access Antivirus Sites/Google/Avast etc.
Here's the ComboFix log:
Code:
ComboFix 09-04-03.01 - xx 2009-04-04 14:54:12.1 - NTFSx86
Running from: c:\documents and settings\xx\Escritorio\Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams.
ADS - explorer.exe: deleted 228 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\install.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.
2009-04-01 23:50 . 2009-04-01 23:50 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-01 23:50 . 2009-04-01 23:50 1,409 --a------ c:\windows\QTFont.for
2009-03-29 12:58 . 2009-03-29 14:30 <DIR> d--h-c--- C:\$AVG8.VAULT$
2009-03-25 03:34 . 2009-03-25 03:34 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 03:34 . 2009-03-25 03:41 <DIR> d-------- c:\documents and settings\xx\Datos de programa\AVGTOOLBAR
2009-03-25 03:34 . 2009-03-25 03:34 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\avg8
2009-03-25 03:34 . 2009-03-25 03:34 <DIR> d----c--- c:\archivos de programa\AVG
2009-03-25 03:34 . 2009-03-25 03:34 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-25 03:34 . 2009-03-25 03:34 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 03:34 . 2009-03-25 03:34 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-19 01:42 . 2009-03-19 01:42 <DIR> d-------- c:\documents and settings\xx\Datos de programa\NCH Swift Sound
2009-03-19 01:42 . 2009-03-19 01:42 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\NCH Swift Sound
2009-03-19 01:42 . 2009-03-19 01:42 <DIR> d----c--- c:\archivos de programa\NCH Swift Sound
2009-03-19 01:42 . 2009-03-19 01:42 <DIR> d----c--- c:\archivos de programa\NCH Software
2009-03-19 00:35 . 2009-03-19 00:35 <DIR> d-------- c:\documents and settings\xx\Datos de programa\AccurateRip
2009-03-19 00:35 . 2009-03-19 00:35 <DIR> d----c--- c:\archivos de programa\Illustrate
2009-03-16 23:09 . 2009-03-16 23:09 106,496 -rahs---- c:\windows\system32\qkokv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 17:58 72,110,112 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-04 14:53 34 ----a-w c:\documents and settings\xx\jagex_runescape_preferences.dat
2009-04-04 09:02 844,844 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-01 15:52 --------- d-----w c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-04-01 15:51 --------- dc----w c:\archivos de programa\Spybot - Search & Destroy
2009-03-28 04:54 --------- dc----w c:\archivos de programa\Last.fm
2009-03-19 03:33 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-03-07 15:12 --------- dc----w c:\archivos de programa\Warcraft III
2009-02-23 04:30 --------- d-----w c:\documents and settings\xx\Datos de programa\Reallusion
2009-02-23 04:29 304,160 -c--a-w C:\PA207.DAT
2009-02-23 04:19 --------- dc----w c:\archivos de programa\Reallusion
2009-02-23 04:19 --------- d--h--w c:\archivos de programa\InstallShield Installation Information
2009-02-23 04:04 --------- d-----w c:\archivos de programa\Archivos comunes\Reallusion
2009-02-23 04:00 --------- d-----w c:\documents and settings\xx\Datos de programa\InstallShield
2009-02-23 03:58 --------- dc----w c:\archivos de programa\Common Files
2009-02-23 03:58 --------- d-----w c:\archivos de programa\Archivos comunes\i-Look 110
2008-09-23 02:35 101,216 ----a-w c:\documents and settings\xx\Datos de programa\GDIPFONTCACHEV1.DAT
2008-04-27 03:34 21 ----a-w c:\archivos de programa\Archivos comunes\appop.log
2006-03-20 18:37 5,689,344 -c--a-w c:\archivos de programa\mplayerc.exe
2006-06-15 23:33 233,472 ----a-w c:\archivos de programa\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 21:43 204,895 ----a-w c:\archivos de programa\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 17:41 77,824 ----a-w c:\archivos de programa\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 16:10 426,081 ----a-w c:\archivos de programa\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 15:19 458,752 ----a-w c:\archivos de programa\mozilla firefox\plugins\imagickrt.dll
2006-04-10 21:35 139,264 ----a-w c:\archivos de programa\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 14:10 204,800 ----a-w c:\archivos de programa\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 14:42 106,496 ----a-w c:\archivos de programa\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 14:22 212,992 ----a-w c:\archivos de programa\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 14:21 167,936 ----a-w c:\archivos de programa\mozilla firefox\plugins\RLVoiceUnpacker.dll
2005-05-13 20:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 14:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 00:27 422,400 --sha-r c:\windows\x2.64.exe
2005-10-07 22:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 15:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 18:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 01:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 03:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 13:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 16:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 03:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"AVG8_TRAY"="c:\archiv~1\AVG\AVG8\avgtray.exe" [2009-03-25 1932568]
c:\documents and settings\xx\Men£ Inicio\Programas\Inicio\
Media Key.lnk - c:\archivos de programa\Media Key\MagicKey.exe [2006-04-29 159744]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-25 03:34 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 15:42 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-08-19 15:57 1667584 c:\archivos de programa\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\IDM\\QUICKfind\\QFServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\Archivos de programa\\Warcraft III\\Warcraft III.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2256:TCP"= 2256:TCP:WWW
"6223:TCP"= 6223:TCP:WWW
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2006-02-17 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-02-17 44928]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 107912]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2006-04-29 12856]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [2006-04-29 8576]
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-02-23 31616]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2006-02-17 28160]
S2 Wmdmman;Update Logon;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-01-29 40832]
S3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [2009-02-23 618112]
S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S4 dzhbgo;dzhbgo;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 gjdwdi;gjdwdi;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 kyfmd;kyfmd;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 mcsonsi;mcsonsi;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 mvjyk;mvjyk;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 nycprize;nycprize;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 rvjpnspn;rvjpnspn;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 wordee;wordee;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmman
wordee
gjdwdi
rvjpnspn
kyfmd
nycprize
mvjyk
dzhbgo
mcsonsi
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05212e9e-fc0c-11da-8049-0015f268ba51}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{981d7580-9dd3-11dc-a3b6-c34ec8059259}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85c57c3-57a9-11da-8ddc-806d6172696f}]
\Shell\AutoRun\command - d:\bin\Assetup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-02 c:\windows\Tasks\Liberador de espacio en disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
IE: Add to AMV Converter... - c:\archivos de programa\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\archivos de programa\MP3 Player Utilities 4.13\MediaManager\grab.html
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
FF - ProfilePath - c:\documents and settings\xx\Datos de programa\Mozilla\Firefox\Profiles\ozldzch8.default\
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\documents and settings\xx\Datos de programa\Mozilla\Firefox\Profiles\ozldzch8.default\extensions\{35E20BC7-2CC1-4BE3-A122-25A2ED877C73}\plugins\npmozax.dll
---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\defaults\pref\ff.js - pref("capability.policy.default.ClassID.CID1FD3325A-2091-4E2B-A142-F8D1D0BC1EAB", "AllAccess");.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 14:58:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmman]
"ServiceDll"="c:\windows\system32\qkokv.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-04-04 15:03:40
ComboFix-quarantined-files.txt 2009-04-04 18:02:25
Pre-Run: 15.850.426.368 bytes libres
Post-Run: 15,826,866,176 bytes libres
#583
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Disable System Restore, disconnect from the internet, open a command prompt (cmd.exe) and type the following:
Code:
sc delete Wmdmman
ipconfig /flushdns
Code:
File::
c:\windows\system32\qkokv.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05212e9e-fc0c-11da-8049-0015f268ba51}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{981d7580-9dd3-11dc-a3b6-c34ec8059259}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85c57c3-57a9-11da-8ddc-806d6172696f}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmman]
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, find the value named netsvcs, double-click to edit it, find the lines containing Wmdmman, wordee, gjdwdi, rvjpnspn, kyfmd, nycprize, mvjyk, dzhbgo and mcsonsi and delete only those lines, then click OK and close the edit window. Reboot, and check whether you can access antivirus sites.
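The checks the helper applied by eye in post #583 (a svchost-hosted service with a random name and an unknown ServiceDll, bogus names in the netsvcs group, MountPoints2 autorun commands, a Security Center monitoring override), as an added Python triage script that is not code from the thread or from ComboFix. The KNOWN_NETSVCS baseline is a constructed, abbreviated list, and the sample log lines are excerpted from the ComboFix log in post #582:

```python
"""Triage a ComboFix log for the indicators acted on in post #583 (added example,
not code from the thread or from ComboFix): svchost-hosted services missing from
a netsvcs baseline and their ServiceDll, stray names in the netsvcs listing,
MountPoints2 autorun commands and Security Center monitoring overrides."""
import re
from dataclasses import dataclass, field

# Constructed baseline: a subset of the netsvcs group on a clean Windows XP SP2
# install. Real triage should use the netsvcs value from a known-good machine.
KNOWN_NETSVCS = frozenset({
    "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP", "ERSvc",
    "EventSystem", "HidServ", "LanmanServer", "LanmanWorkstation", "Netman",
    "Nla", "Rasauto", "Rasman", "Schedule", "Seclogon", "SENS", "Sharedaccess",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "winmgmt", "wscsvc",
    "xmlprov", "BITS", "wuauserv", "ShellHWDetection", "helpsvc", "WmdmPmSp",
})

# "S4 dzhbgo;dzhbgo;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]"
SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[[^\]]*\]$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")  # "[HKEY_...\Services\Wmdmman]"
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(?P<path>[^"]+)"$', re.IGNORECASE)
NETSVCS_HEADER = "svchost - netsvcs"  # bare service names follow, one per line

@dataclass
class Report:
    unknown_services: dict = field(default_factory=dict)   # name -> display name
    service_dlls: dict = field(default_factory=dict)       # name -> ServiceDll path
    netsvcs_to_remove: list = field(default_factory=list)  # lines to drop from netsvcs
    autoruns: list = field(default_factory=list)           # (MountPoints2 guid, command)
    weakened: list = field(default_factory=list)           # monitoring overrides

def leaf(key):
    return key.rsplit("\\", 1)[-1]  # last component of a registry path

def triage(log_text):
    report, current_key, in_netsvcs = Report(), "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.lower().endswith(NETSVCS_HEADER):
            in_netsvcs = True
            continue
        key = KEY_RE.match(line)
        if key:
            in_netsvcs, current_key = False, key.group("key")
            continue
        if in_netsvcs:
            if line not in KNOWN_NETSVCS:
                report.netsvcs_to_remove.append(line)
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            hosted = "svchost.exe -k netsvcs" in svc.group("image").lower()
            if hosted and svc.group("name") not in KNOWN_NETSVCS:
                report.unknown_services[svc.group("name")] = svc.group("display")
            continue
        lk, dll = current_key.lower(), SERVICEDLL_RE.match(line)
        if dll and "\\services\\" in lk:
            report.service_dlls[leaf(current_key)] = dll.group("path")
        elif "mountpoints2" in lk and line.lower().startswith("\\shell\\"):
            report.autoruns.append((leaf(current_key), line.split(" - ", 1)[-1]))
        elif "security center\\monitoring" in lk and \
                line.lower().startswith('"disablemonitoring"=dword:00000001'):
            report.weakened.append(f"{leaf(current_key)}: {line}")
    return report

# Sample input: lines excerpted from the ComboFix log in post #582 above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
S2 Wmdmman;Update Logon;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
S4 dzhbgo;dzhbgo;c:\windows\system32\svchost.exe -k netsvcs [2008-12-20 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmman
wordee
gjdwdi
rvjpnspn
kyfmd
nycprize
mvjyk
dzhbgo
mcsonsi
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05212e9e-fc0c-11da-8049-0015f268ba51}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmman]
"ServiceDll"="c:\windows\system32\qkokv.dll"
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for name, display in r.unknown_services.items():
        print(f"review {name} ({display}): ServiceDll {r.service_dlls.get(name, 'n/a')}")
    print("drop from netsvcs:", r.netsvcs_to_remove)
    print("autoruns:", r.autoruns, "| weakened:", r.weakened)
```

The flagged service names are exactly the ones the helper told the poster to delete from netsvcs, and the ServiceDll lookup ties Wmdmman to qkokv.dll, the file the CFScript removes.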
#584
Newbie
Re: Cannot access Antivirus Sites/Google/Avast etc.
It worked!
Thank you so much for the help.
#585
Newbie
Re: Cannot access Antivirus Sites/Google/Avast etc.
Hi, I have been having the same issues as those above me. Here are both my HijackThis and ComboFix logs. This problem has really been causing me some stress, so I hope someone can at least guide me on the best course of action. Thanks!
HijackThis Log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:15 PM, on 6/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Urban\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9279 bytes
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9279 bytes
#586
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Your HijackThis log file looks clean. You can however fix these two entries:
Code:
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
And it looks like you forgot to attach the ComboFix log file and attached the HijackThis log twice.
#587
Newbie
Re: Cannot access Antivirus Sites/Google/Avast etc.
Apologies on that, here is my combofix log.
Code:
ComboFix 09-04-04.01 - Urban 2009-04-07 7:44:11.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1651 [GMT 10:00]
Running from: c:\documents and settings\Urban\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090406-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.
2009-04-04 13:11 . 2009-04-04 13:12 <DIR> d-------- c:\documents and settings\Urban\Application Data\Canon
2009-04-02 21:27 . 2009-02-19 08:21 2,769,658 --a------ c:\windows\system32\GameMon.des
2009-03-29 00:01 . 2009-03-29 00:03 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-29 00:01 . 2009-03-29 00:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-28 23:19 . 2009-03-28 23:19 <DIR> d-------- c:\program files\Alwil Software
2009-03-28 01:02 . 2009-03-28 01:02 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-03-28 01:02 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-03-28 01:02 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-03-27 23:32 . 2009-03-27 23:33 <DIR> d-------- c:\program files\NCSoft
2009-03-22 15:08 . 2009-03-22 15:08 <DIR> d-------- c:\program files\Sierra Entertainment
2009-03-21 09:08 . 2009-03-21 09:08 4,194,322 --a------ C:\memory_map.tga
2009-03-21 08:25 . 2009-03-21 08:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-20 18:33 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-20 18:33 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-12 19:35 . 2009-03-12 19:35 682,280 --a------ c:\windows\system32\pbsvc.exe
2009-03-12 19:14 . 2009-03-12 19:14 <DIR> d-------- c:\windows\nview
2009-03-12 19:14 . 2009-03-12 19:14 161,961 --a------ c:\windows\system32\nvapps.xml
2009-03-10 19:08 . 2009-03-10 19:14 <DIR> d-------- c:\documents and settings\Urban\Application Data\Ventrilo
2009-03-10 19:07 . 2009-03-10 19:07 <DIR> d-------- c:\program files\Ventrilo
2009-03-10 19:07 . 2009-03-10 19:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-10 19:07 . 2009-03-10 19:07 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-03-07 19:03 . 2009-03-07 19:03 <DIR> d-------- c:\documents and settings\Urban\Application Data\The Creative Assembly
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 21:32 --------- d-----w c:\program files\Steam
2009-04-06 13:37 189,496 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-06 12:15 139,984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-06 09:08 --------- d-----w c:\documents and settings\Urban\Application Data\Xfire
2009-04-06 09:00 --------- d-----w c:\program files\Xfire
2009-03-28 11:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 13:31 --------- d-----w c:\documents and settings\Urban\Application Data\GetRightToGo
2009-03-12 09:48 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-12 09:35 22,328 ----a-w c:\documents and settings\Urban\Application Data\PnkBstrK.sys
2009-03-12 09:22 --------- d-----w c:\program files\Activision
2009-03-05 07:33 84,992 --sha-r c:\windows\system32\kryoyrdo.dll
2009-02-27 13:14 --------- d-----w c:\program files\Guild Wars
2009-02-26 12:54 --------- d-----w c:\program files\MSXML 4.0
2009-02-26 12:54 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-25 06:21 --------- d-----w c:\program files\ScanSoft
2009-02-25 06:21 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-02-25 06:21 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-25 06:21 --------- d-----w c:\documents and settings\Urban\Application Data\ScanSoft
2009-02-25 06:21 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-25 06:21 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-02-25 06:20 --------- d-----w c:\program files\ArcSoft
2009-02-25 06:20 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-25 06:19 --------- d-----w c:\program files\Canon
2009-02-25 06:17 --------- d--h--w c:\program files\CanonBJ
2009-02-25 06:17 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-23 06:26 --------- d-----w c:\program files\Bethesda Softworks
2009-02-23 06:25 --------- d--h--r c:\documents and settings\Urban\Application Data\SecuROM
2009-02-19 09:42 --------- d-----w c:\documents and settings\Urban\Application Data\gslist
2009-02-18 04:44 401,408 ----a-w c:\windows\system32\nvcuvid.dll
2009-02-17 11:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-17 11:40 --------- d-----w c:\program files\MSXML 6.0
2009-02-16 21:51 --------- d-----w c:\program files\VideoLAN
2009-02-16 21:51 --------- d-----w c:\documents and settings\Urban\Application Data\vlc
2009-02-16 19:48 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-16 19:48 --------- d-----w c:\program files\Autodesk
2009-02-16 19:48 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-02-16 19:47 --------- d-----w c:\program files\MSBuild
2009-02-16 19:45 --------- d-----w c:\program files\Reference Assemblies
2009-02-16 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-16 18:56 --------- d-----w c:\program files\Common Files\Adobe
2009-02-16 18:56 --------- d-----w c:\program files\Bonjour
2009-02-16 18:51 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-16 08:43 --------- d-----w c:\documents and settings\Urban\Application Data\Azureus
2009-02-16 06:41 --------- d-----w c:\program files\AskSearch
2009-02-16 06:41 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-02-16 06:40 --------- d-----w c:\program files\Vuze
2009-02-16 06:22 --------- d-----w c:\program files\Windows Live
2009-02-16 06:22 --------- d-----w c:\program files\Microsoft
2009-02-16 06:21 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 06:15 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-09 06:47 --------- d-----w c:\program files\Microsoft.NET
2009-02-09 06:47 --------- d-----w c:\program files\Microsoft Works
2009-02-06 08:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-24 12:23 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-14 22:19 453,152 ----a-w c:\windows\system32\nvudisp.exe
2009-01-07 01:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-06_21.37.01.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-06 21:32:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_790.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-02-01 1410296]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-04 185872]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-12 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-12 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-11-12 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
c:\documents and settings\Urban\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-24 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-28 20560]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S2 Tapiserv;Update Trusted;c:\windows\system32\svchost.exe -k netsvcs [2006-02-28 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Tapiserv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{123c1f41-ea56-11dd-a7b0-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 07:45:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tapiserv]
"ServiceDll"="c:\windows\system32\kryoyrdo.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1604221776-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,17,5f,83,ff,3a,5f,d3,ce,b6,c5,c0,7c,2f,ca,4c,0f,fa,75,24,b3,90,0c,
98,f1,2e,56,00,47,1a,a4,f1,5a,1c,7d,54,63,85,bc,df,ab,8f,1b,be,52,bb,d8,dd,\
"??"=hex:ca,0b,5d,94,18,06,fa,53,5c,f1,56,2c,4a,fe,e7,8f
.
Completion time: 2009-04-07 7:47:00
ComboFix-quarantined-files.txt 2009-04-06 21:46:58
ComboFix2.txt 2009-04-06 11:59:05
ComboFix3.txt 2009-04-06 11:42:36
ComboFix4.txt 2009-04-06 11:38:34
Pre-Run: 166,702,964,736 bytes free
Post-Run: 166,692,929,536 bytes free
204 --- E O F --- 2009-02-26 12:54:14
#588
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Disable System Restore, disconnect from the internet, open a command prompt (cmd.exe) and type the following:
Code:
sc delete Tapiserv
ipconfig /flushdns
Code:
File::
c:\windows\system32\kryoyrdo.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tapiserv]
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost find the value named netsvcs, double-click to edit it, find the line containing Tapiserv and delete only that line, click OK and close the edit window. Reboot, and check whether you can access antivirus sites. Now install this hotfix if not already installed: http://www.microsoft.com/technet/sec.../MS08-067.mspx
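The procedure in the post above (delete the Tapiserv service, remove the DLL and its service key with a CFScript, and take Tapiserv out of the netsvcs list) is what a responder does once the log has shown a svchost-hosted service whose ServiceDll is a hidden file that nothing legitimate installed. The script below is an added example, not part of the thread, of ComboFix or of HijackThis: it parses the service, NetSvcs, ServiceDll and file-attribute lines of a ComboFix log, flags netsvcs members whose ServiceDll is a recently written file with hidden+system attributes, and emits the same sc/ipconfig commands and CFScript that the helper posted. The sample log is constructed from lines quoted in the thread plus one assumed benign control line (Dnscache) that the real log does not contain; the regular expressions are my own and cover only the line shapes seen in this thread.

```python
"""Triage a ComboFix log for svchost-hosted services with a planted ServiceDll.

Added example for this thread; not part of ComboFix, HijackThis or the original
posts. SAMPLE_LOG is constructed from lines quoted in the thread plus one assumed
benign control (Dnscache) that does not appear in the real log.
"""
import re
from dataclasses import dataclass, field

# "S2 Tapiserv;Update Trusted;c:\windows\system32\svchost.exe -k netsvcs [2006-02-28 14336]"
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.*?)(?:\s+\[[^\]]*\])?$')
# "Files Created" and "Find3M" lines: date time [. date time] size attrs path
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?'
    r'\s+(?:[\d,]+|<DIR>|-+)\s+(\S+)\s+(\S.*)$')
# "[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tapiserv]" followed by "ServiceDll"="..."
KEY_RE = re.compile(r'^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+))\]$', re.I)
DLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"$', re.I)
NETSVCS_HDR = r'CurrentVersion\Svchost - NetSvcs'

SAMPLE_LOG = r"""
2009-03-05 07:33 84,992 --sha-r c:\windows\system32\kryoyrdo.dll
2009-02-18 04:44 401,408 ----a-w c:\windows\system32\nvcuvid.dll
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-28 114768]
R2 Dnscache;DNS Client;c:\windows\system32\svchost.exe -k NetworkService [2006-02-28 14336]
S2 Tapiserv;Update Trusted;c:\windows\system32\svchost.exe -k netsvcs [2006-02-28 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Tapiserv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{123c1f41-ea56-11dd-a7b0-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tapiserv]
"ServiceDll"="c:\windows\system32\kryoyrdo.dll"
"""


@dataclass
class Report:
    services: dict = field(default_factory=dict)     # name -> image command line
    service_key: dict = field(default_factory=dict)  # name -> registry key path
    service_dll: dict = field(default_factory=dict)  # name -> ServiceDll path
    file_attrs: dict = field(default_factory=dict)   # lower-case path -> attribute flags
    netsvcs: set = field(default_factory=set)        # members of the NetSvcs group


def parse_combofix(text):
    """Pull the four line shapes this triage needs out of a ComboFix log."""
    rep, key, in_netsvcs = Report(), None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            in_netsvcs = False
            continue
        if line.endswith(NETSVCS_HDR):
            in_netsvcs = True              # the following lines name the group's members
            continue
        if in_netsvcs and not line.startswith('['):
            rep.netsvcs.add(line)
            continue
        in_netsvcs = False
        if m := SERVICE_RE.match(line):
            rep.services[m.group(1)] = m.group(2)
        elif m := FILE_RE.match(line):
            rep.file_attrs[m.group(2).lower()] = m.group(1)
        elif m := KEY_RE.match(line):
            key = m.group(2)
            rep.service_key[key] = m.group(1)
        elif key and (m := DLL_RE.match(line)):
            rep.service_dll[key] = m.group(1)
    return rep


@dataclass
class Finding:
    service: str
    service_dll: str
    key_path: str
    reasons: list


def triage(text):
    """Flag svchost-hosted services whose ServiceDll looks planted (review aid, not a verdict)."""
    rep, findings = parse_combofix(text), []
    for name, image in rep.services.items():
        if 'svchost.exe' not in image.lower():
            continue                       # only services that run inside svchost.exe are in scope
        dll = rep.service_dll.get(name, '')
        attrs = rep.file_attrs.get(dll.lower(), '') if dll else ''
        reasons = []
        if name in rep.netsvcs and attrs:  # listed in Files Created / Find3M, i.e. written recently
            reasons.append('netsvcs member whose ServiceDll was written inside the log window')
        if 'h' in attrs and 's' in attrs:
            reasons.append('ServiceDll carries hidden+system attributes (%s)' % attrs)
        if reasons:
            findings.append(Finding(name, dll, rep.service_key.get(name, ''), reasons))
    return findings


def remediation_plan(findings):
    """Return the shell commands, the ComboFix CFScript and the manual step used in the thread."""
    commands = ['sc delete %s' % f.service for f in findings] + ['ipconfig /flushdns']
    files = '\n'.join(f.service_dll for f in findings if f.service_dll)
    keys = '\n'.join('[-%s]' % f.key_path for f in findings if f.key_path)
    cfscript = 'File::\n%s\n\nRegistry::\n%s\n' % (files, keys)
    manual = [r'remove %s from the netsvcs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost' % f.service
              for f in findings]
    return commands, cfscript, manual


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.service, f.service_dll, *f.reasons, sep='\n  ')
    cmds, script, manual = remediation_plan(found)
    print('\n'.join(cmds), script, *manual, sep='\n')
```

Run it as a script to print the findings and the plan for the sample; pass a saved ComboFix.txt through `triage()` to use it on a real log. The netsvcs edit stays a manual regedit step, as in the post, because deleting the service key alone leaves the group entry behind. A recently written hidden+system DLL under system32 that an svchost group loads deserves a look, but only a hash or signature check on the file settles whether it is malicious.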
#589
Newbie
Re: Cannot access Antivirus Sites/Google/Avast etc.
My friend, you are a legend! I have never seen my computer go this fast before, I could hug you haha. Anyway it worked a treat so thank you very much!
#590
Newbie
Hi!
Okay, here's my problem: I can't access anti-virus sites, so I can't even do a HouseCall scan on Trend Micro. I tried updating my Kaspersky Internet Security but for some reason it just stops the update process, so now my anti-virus database is outdated. I suspect all anti-virus sites are blocked, as I could not download http://www.symantec.com/content/en/u...ixDownadup.exe via Internet Download Manager. I switched to safe mode and, alas, I could now access anti-virus sites. I ran HouseCall and was told it had fixed the errors it found. I also ran Microsoft's spyware removal tool (that 9 MB thing) and was told that errors were fixed too. I ran Symantec's FixDownadup as well, though I kind of forgot the results, lol. So anyhow, I went back to normal mode and found that I still could not access AV sites. So I ran ComboFix but was disappointed to find out that the problem still persists. I ran Malwarebytes' Anti-Malware and this time I was told that it did not find any malware. So I'm posting the log files I got from HijackThis and ComboFix for analysis. Please help. Thanks!
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:04 AM, on 4/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Users\senpel\Program Files\DNA\btdna.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\SENPEL~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\senpel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://download.tenebril.com/pub/bin...areScanner.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7309 bytes
Code:
ComboFix 09-04-04.01 - senpel 2009-04-08 6:37:52.1 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6001.1.1252.1.1033.18.1977.1227 [GMT 8:00]
Running from: c:\users\senpel\Favorites\Contacts\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\senpel\CA-42 DRIVER\3116 Driver\Desktop_.ini
c:\users\senpel\CA-42 DRIVER\PL-2303 Driver\Desktop_.ini
c:\users\senpel\CA-42 DRIVER\PL-2303 Driver\Win2K_XP\Desktop_.ini
c:\users\senpel\CA-42 DRIVER\PL-2303 Driver\Win98_ME\Desktop_.ini
.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.
2009-04-08 04:17 . 2009-04-08 04:17 <DIR> d-------- c:\program files\CCleaner
2009-04-08 03:33 . 2009-04-08 03:33 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-04-07 19:40 . 2009-04-07 19:40 <DIR> d-------- C:\Camtasia Studio
2009-04-07 19:39 . 2009-04-07 19:39 <DIR> d-------- c:\windows\System32\Flash
2009-04-07 19:39 . 2009-04-07 19:39 <DIR> d-------- c:\users\All Users\TechSmith
2009-04-07 19:39 . 2009-04-07 19:39 <DIR> d-------- c:\programdata\TechSmith
2009-04-07 19:39 . 2009-04-07 19:39 <DIR> d-------- c:\program files\TechSmith
2009-04-07 19:39 . 2009-04-07 19:39 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2009-04-07 15:43 . 2009-04-07 15:45 2,269,568 --a------ C:\FixDownadup.exe
2009-04-07 15:42 . 2009-04-07 15:44 3,309,328 --a------ C:\XoftSpySE_Setup_RW.exe
2009-04-07 15:37 . 2009-04-08 04:45 102,664 --a------ c:\windows\System32\drivers\tmcomm.sys
2009-04-07 15:34 . 2009-04-08 06:02 <DIR> d-------- c:\windows\System32\config\systemprofile\.housecall6.6
2009-04-07 15:26 . 2009-04-07 15:26 <DIR> d-------- C:\744b0d804381a192a2dfcafd31
2009-04-07 15:22 . 2009-04-07 15:26 10,246,088 --a------ C:\windows-kb890830-v2.8.exe
2009-04-06 18:55 . 2009-04-07 15:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 18:55 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-06 18:55 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-06 18:30 . 2005-09-27 12:15 83,592 --a------ c:\windows\System32\SSSensor.dll
2009-04-06 18:29 . 2009-04-06 18:29 <DIR> d-------- c:\program files\Sygate
2009-04-06 18:29 . 2009-04-06 18:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-04-06 16:56 . 2009-04-07 05:52 <DIR> d-------- c:\users\senpel\AppData\Roaming\Azureus
2009-04-06 16:56 . 2009-04-06 16:56 <DIR> d-------- c:\users\All Users\Azureus
2009-04-06 16:56 . 2009-04-06 16:56 <DIR> d-------- c:\programdata\Azureus
2009-04-06 16:55 . 2009-04-06 16:56 <DIR> d-------- c:\program files\Vuze
2009-04-06 15:52 . 2009-04-06 15:52 <DIR> d-------- c:\program files\Internet Download Manager
2009-04-06 15:50 . 2009-04-06 15:50 <DIR> d-------- c:\users\senpel\Program Files
2009-04-06 14:53 . 2009-04-06 14:53 <DIR> d-------- c:\users\senpel\AppData\Roaming\Uniblue
2009-04-06 14:52 . 2009-04-06 14:52 <DIR> d-------- c:\program files\Uniblue
2009-04-06 14:49 . 2009-04-06 14:52 <DIR> d--h-c--- c:\users\All Users\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-06 14:49 . 2009-04-06 14:52 <DIR> d--h-c--- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-06 14:02 . 2009-04-06 14:02 <DIR> d-------- c:\program files\RegistryFix7
2009-04-06 13:45 . 2009-04-06 13:45 <DIR> d-------- c:\users\senpel\AppData\Roaming\Malwarebytes
2009-04-06 13:45 . 2009-04-06 13:45 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-06 13:45 . 2009-04-06 13:45 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-06 13:18 . 2009-04-06 13:18 <DIR> d-------- c:\program files\Trend Micro
2009-04-06 13:13 . 2009-04-06 13:13 <DIR> d-------- c:\users\senpel\AppData\Roaming\True Sword
2009-04-06 13:12 . 2009-04-06 16:03 <DIR> d-------- c:\program files\True Sword 5
2009-04-02 21:51 . 2009-04-02 22:12 <DIR> d-------- c:\users\Guest\AppData\Roaming\BitTorrent
2009-04-02 10:16 . 2009-04-08 06:34 <DIR> d-------- c:\users\senpel\AppData\Roaming\DNA
2009-04-02 10:16 . 2009-04-08 00:16 <DIR> d-------- c:\users\senpel\AppData\Roaming\BitTorrent
2009-04-02 10:16 . 2009-04-06 15:42 <DIR> d-------- c:\program files\DNA
2009-04-02 10:16 . 2009-04-02 10:16 <DIR> d-------- c:\program files\BitTorrent
2009-04-02 10:01 . 2009-04-02 11:54 <DIR> d-------- c:\users\All Users\Ten Thumbs Typing Tutor
2009-04-02 10:01 . 2009-04-02 11:54 <DIR> d-------- c:\programdata\Ten Thumbs Typing Tutor
2009-04-02 10:01 . 2009-04-02 10:01 <DIR> d-------- c:\program files\Ten Thumbs Typing Tutor 4.7
2009-04-02 09:51 . 2009-04-02 09:51 <DIR> d-------- c:\program files\TypingMaster
2009-03-30 22:12 . 2009-03-30 22:12 <DIR> d-------- c:\users\Guest\AppData\Roaming\vlc
2009-03-30 22:12 . 2009-03-30 22:12 <DIR> d-------- c:\users\Guest\AppData\Roaming\LimeWire
2009-03-24 12:55 . 2009-03-24 12:56 <DIR> d-------- c:\users\senpel\AppData\Roaming\dvdcss
2009-03-22 10:59 . 2009-04-07 19:39 <DIR> d-------- c:\windows\System32\Quicktime
2009-03-22 08:54 . 2009-03-22 08:55 <DIR> d-------- c:\users\All Users\SmartSound Software Inc
2009-03-22 08:54 . 2009-03-22 08:55 <DIR> d-------- c:\programdata\SmartSound Software Inc
2009-03-22 08:54 . 2009-03-22 08:54 <DIR> d-------- c:\program files\SmartSound Software
2009-03-22 08:53 . 2009-03-23 04:26 <DIR> d-------- c:\program files\QuickTime
2009-03-22 08:52 . 2009-03-22 08:52 <DIR> d-------- c:\users\All Users\Google
2009-03-22 08:52 . 2009-03-22 08:52 <DIR> d-------- c:\users\All Users\Apple
2009-03-22 08:52 . 2009-03-22 08:52 <DIR> d-------- c:\programdata\Apple
2009-03-22 08:52 . 2009-03-22 08:52 <DIR> d-------- c:\program files\Google
2009-03-22 08:52 . 2009-03-22 08:52 <DIR> d-------- c:\program files\Apple Software Update
2009-03-22 08:43 . 2009-04-06 15:58 <DIR> d-a------ c:\users\All Users\Temp
2009-03-22 08:43 . 2009-04-06 15:58 <DIR> d-a------ c:\programdata\Temp
2009-03-17 18:32 . 2009-03-17 18:32 109,568 -ra-s---- c:\windows\System32\gqqsgzq.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 22:42 251,532,320 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-07 22:35 --------- d-----w c:\users\senpel\AppData\Roaming\DMCache
2009-04-07 22:04 --------- d-----w c:\users\senpel\AppData\Roaming\Skype
2009-04-07 22:04 --------- d-----w c:\programdata\Kaspersky Lab
2009-04-07 20:40 3,358,844 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-07 11:22 --------- d-----w c:\users\senpel\AppData\Roaming\Any Video Converter
2009-04-06 20:52 --------- d-----w c:\users\senpel\AppData\Roaming\IDM
2009-04-03 02:51 --------- d-----w c:\users\senpel\AppData\Roaming\OpenOffice.org2
2009-04-02 13:51 --------- d-----w c:\programdata\CanonIJPLM
2009-04-02 13:16 --------- d-----w c:\users\Guest\AppData\Roaming\OpenOffice.org2
2009-04-02 02:19 --------- d-----w c:\users\senpel\AppData\Roaming\LimeWire
2009-03-31 05:36 --------- d-----w c:\program files\Common Files\Adobe
2009-03-24 04:41 --------- d-----w c:\programdata\CyberLink
2009-03-22 03:44 --------- d-----w c:\users\senpel\AppData\Roaming\CyberLink
2009-03-22 02:59 --------- d-----w c:\program files\CyberLink
2009-03-22 02:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 00:54 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-05 23:46 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-05 23:45 --------- d-----w c:\program files\Java
2009-02-26 13:40 --------- d-----w c:\users\Guest\AppData\Roaming\CyberLink
2009-02-21 15:12 --------- d-----w c:\program files\LimeWire
2009-02-18 23:21 --------- d--h--w c:\programdata\CanonIJEGV
2009-02-14 08:21 --------- d-----w c:\program files\Any Video Converter
2009-02-14 06:18 --------- d-----w c:\program files\Microsoft.NET
2009-02-13 10:28 --------- d-----w c:\program files\Audacity
2009-02-10 07:38 --------- d-----w c:\users\senpel\AppData\Roaming\vlc
2009-02-10 07:37 --------- d-----w c:\program files\VideoLAN
2009-01-24 13:02 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2009-01-24 13:02 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2009-01-22 14:49 206,256 ----a-w c:\windows\System32\idmmbc.dll
2008-01-21 02:46 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 22:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-06 20034600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe" [2009-03-22 162744]
"BitTorrent DNA"="c:\users\senpel\Program Files\DNA\btdna.exe" [2009-04-06 342848]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-22 2745776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 148888]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-19 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-22 2745776]
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\users\senpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Users^senpel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^senpel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\senpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2006-12-05 22:55 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2007-06-11 18:16 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-12-13 08:49 217088 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-11-30 16:56 1306624 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-06-17 13:39 145944 c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-07-06 18:53 20034600 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4E318386-FF5B-4AE5-AE74-03F70D4FA6E1}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{03BA4235-131F-45A9-8B46-B5AFA3FB3313}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{025521A2-24E2-4614-BE9B-2DD2939E1534}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{11D15AA4-6259-4C6C-A228-15A5E8268C05}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{AC700BC4-9053-437D-BE35-DD449E7BF4B2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BB6B7D89-3B96-4536-A076-61B65DD3A26F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C35D92A9-1B0C-4B5A-9647-A9176CB74684}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FB46181E-850A-4135-A97A-558951519CDA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C116AD40-16CE-488D-AA10-20DFDA1A9911}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{2A3B8C5B-9746-46EC-BEAD-B7B44512DF9E}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{F0D7A117-9C64-45E6-AC6C-01C167754FB6}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{9874C771-C3A3-4834-931C-04998E03A22C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9C0EFECF-247E-46C1-B0A0-282B83AF09CA}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F74D0684-EB68-4D24-A8BC-7DCE41FA0555}"= UDP:5071:mtnbtl
"{09523B51-DDF2-407B-AEE0-DCE68F774BA4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A0A3C6EA-32CE-4B5F-9522-CFADAB969595}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{037F8E1A-CD8A-40F8-AC17-4A44FD6A35C1}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1ADC50BF-4F34-4743-B904-ABACF7B25FC0}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E45DF685-BC0F-498F-83C1-66C2C53C160B}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{6CE42BB4-CEA6-4ED2-BF3C-4CCB1E710E78}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{47B5FC98-18E1-4239-98B6-7EC47D188B8C}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{4B00B1BE-C4D0-41C4-9887-A2DB7E41084F}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D66C189F-634E-4FED-8F3B-2E90B27A7231}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{D6E3FEFB-4DA4-440F-9E5D-F5C3C284D73F}c:\\users\\senpel\\program files\\dna\\btdna.exe"= UDP:c:\users\senpel\program files\dna\btdna.exe:btdna.exe
"UDP Query User{80A018FA-E389-4A69-B5F2-C1CFB3B875A7}c:\\users\\senpel\\program files\\dna\\btdna.exe"= TCP:c:\users\senpel\program files\dna\btdna.exe:btdna.exe
"TCP Query User{C7130E70-FBCF-439C-B583-8C2609B41F99}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E0B50D1F-8582-4E39-9FB5-2B3518326B38}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{296B9F69-9575-4FFA-A1C5-42531294E0D9}"= TCP:22391:DebugPhoto SpeechApp
"{416856B9-7B3F-463E-A0B2-2EECED0B2FA3}"= UDP:17431:DebugPhoto Visualtracing
"{058E1686-7292-4C4A-B317-6747F5F1E72A}"= UDP:9929:DebugPhoto winsxsNET
"{388E0429-E4D5-4E21-8B2F-D2C997C38608}"= TCP:8034:DebugPhoto ComponentsBuild
"TCP Query User{C9D73C84-C715-497F-B3C1-14D3305A721A}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{92738111-D48E-4354-9E53-FC2266657DE0}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-12-29 84240]
S2 Lanmanagent;Trusted Driver;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Lanmanagent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f05b5bb-d621-11dd-a1c0-001eecce0e17}]
\shell\AutoRun\command - wscript.exe auto.vbs
\shell\Open\Command - wscript.exe auto.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413c6663-f1db-11dd-b306-001eecce0e17}]
\shell\AutoPlay\Command - console.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL console.exe
\shell\Explore\Command - console.exe
\shell\Open\Command - console.exe
\shell\Scan For Viruses\Command - console.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4f209a0-f372-11dd-b763-001eecce0e17}]
\shell\AutoRun\command - SilentSoftech.exe
\shell\explore\command - SilentSoftech.exe
\shell\open\command - SilentSoftech.exe
\shell\var1\command - SilentSoftech.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-07 c:\windows\Tasks\User_Feed_Synchronization-{76B3F089-89F7-4796-B3FE-549496A176E2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 10:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx
FF - ProfilePath - c:\users\senpel\AppData\Roaming\Mozilla\Firefox\Profiles\ogzyyeqg.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\users\senpel\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\senpel\Program Files\DNA\plugins\npbtdna.dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
FF - user.js: yahoo.homepage.dontask - true
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 06:43:01
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll
c:\windows\system32\WLDAP32.dll
- - - - - - - > 'lsass.exe'(716)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
.
Completion time: 2009-04-08 6:47:22
ComboFix-quarantined-files.txt 2009-04-07 22:47:18
Pre-Run: 21,739,266,048 bytes free
Post-Run: 22,546,599,936 bytes free
288 --- E O F --- 2009-02-10 19:00:59
Also, this is what's inside my hosts file:

Code:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

Last edited by bakuryu; 08-04-2009 at 02:30 PM.