Computer attacked by malwares (Chek log)


#1 problems

Posted 25 March 2009 - 05:09 PM

EDIT: One of our helpers took the time to help you the last time you posted and you never responded -- you would probably be all cleaned up by now if you had... If you want our help, you need to respond... You also need to follow the advice you are given to protect your computer so that you don't keep getting infected...

Hi, please help me, I need help. I want you to check my log. Please help me! You'll be very graceful.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:29 PM, on 25/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\PCACCE~1\pcperf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.13.18.210:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCPerf] "C:\PROGRA~1\PCACCE~1\pcperf.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ramsaverpro27] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1231298603535
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O20 - Winlogon Notify: jkkHYoMG - jkkHYoMG.dll (file missing)
O20 - Winlogon Notify: opnnnmjJ - opnnnmjJ.dll (file missing)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7390 bytes

Edited by Budfred, 25 March 2009 - 08:16 PM.


#2 SWI Support Robot

Posted 28 March 2009 - 05:25 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 shaferintl

Posted 30 March 2009 - 04:43 AM

problems,

Thanks for your patience. Our volunteers are very busy. Your log indicates that you have Malware on your system. Let's get started.

Please visit this webpage to familiarize yourself with downloading and running ComboFix: http://www.bleepingc...to-use-combofix.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts. Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Please post the C:\Combofix.txt and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
shaferintl

Links to Free Tools I Use:
AVG Antivirus ... Adaware ... Spybot S&D ...
Spyware Blaster ... Zone Alarm Firewall ...
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 problems

Posted 30 March 2009 - 08:02 PM

Hi!

ComboFix log:

ComboFix 09-03-29.04 - Matout's Family 2009-03-30 21:22:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.227 [GMT -4:00]
Running from: c:\documents and settings\Matout's Family\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *disabled*
FW: Outpost Firewall Pro *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-30 18:33 . 2009-03-30 18:36 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-29 17:52 . 2009-03-29 17:56 <DIR> d-------- c:\program files\Google
2009-03-29 17:52 . 2009-03-30 19:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-03-26 22:50 . 2009-03-26 22:50 <DIR> d-------- c:\program files\directx
2009-03-26 22:38 . 2009-03-26 22:49 <DIR> d-------- c:\program files\DeusEx
2009-03-26 22:26 . 2009-03-26 22:26 <DIR> d-------- c:\documents and settings\Matout's Family\WINDOWS
2009-03-26 19:46 . 2009-03-26 19:47 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\BitTorrent
2009-03-26 19:39 . 2009-03-30 21:10 <DIR> d-------- c:\program files\DNA
2009-03-26 19:39 . 2009-03-26 19:39 <DIR> d-------- c:\program files\BitTorrent
2009-03-26 19:39 . 2009-03-30 21:20 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\DNA
2009-03-25 20:50 . 2009-03-25 22:10 <DIR> d-------- c:\documents and settings\Matout's Family\DoctorWeb
2009-03-25 19:22 . 2009-03-25 19:22 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-25 19:19 . 2009-03-25 19:19 <DIR> d-------- c:\windows\ERUNT
2009-03-21 22:14 . 2009-03-21 23:14 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-21 22:14 . 2009-03-21 23:14 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-21 22:12 . 2009-03-21 22:12 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-21 22:12 . 2009-03-30 21:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-21 22:12 . 2009-03-30 21:07 2,465,824 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-21 22:12 . 2009-03-30 21:07 352,288 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-21 22:12 . 2009-03-30 21:07 21,392 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-21 22:12 . 2009-03-30 21:07 3,332 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-21 16:43 . 2009-03-21 16:43 53,248 --a------ c:\windows\system32\mssetup.exe
2009-03-21 14:36 . 2009-03-21 14:36 <DIR> d--hs---- C:\found.001
2009-03-21 12:17 . 2009-03-21 12:17 <DIR> d--hs---- C:\found.000
2009-03-17 20:41 . 2009-03-19 18:23 1,127 --a------ c:\windows\system32\BDUpdateV1.xml
2009-03-17 20:16 . 2009-03-17 20:27 121 --a------ c:\windows\bdagent.INI
2009-03-17 13:30 . 2009-03-21 17:19 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-17 13:25 . 2009-03-17 13:25 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-17 13:25 . 2009-03-17 13:25 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-17 13:17 . 2009-03-17 13:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-03-17 13:13 . 2009-03-21 17:33 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-03-16 20:39 . 2009-03-16 20:39 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Apple Computer
2009-03-16 20:37 . 2009-03-16 20:37 <DIR> d-------- c:\program files\iTunes
2009-03-16 20:37 . 2009-03-16 20:37 <DIR> d-------- c:\program files\iPod
2009-03-16 20:37 . 2009-03-16 20:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 20:37 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-16 20:37 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:35 . 2009-03-16 20:35 <DIR> d-------- c:\program files\Bonjour
2009-03-16 20:34 . 2009-03-16 20:35 <DIR> d-------- c:\program files\QuickTime
2009-03-16 20:33 . 2009-03-16 20:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-16 20:32 . 2009-03-16 20:32 <DIR> d-------- c:\program files\Apple Software Update
2009-03-16 20:31 . 2009-03-16 20:37 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-16 20:31 . 2009-03-16 20:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-15 20:28 . 2009-03-17 13:55 <DIR> d-------- c:\program files\PC Accelerator Professional
2009-03-15 20:28 . 2006-05-19 00:00 32,768 --a------ c:\windows\system32\Speed.dll
2009-03-15 20:28 . 2006-05-19 00:00 10,752 --a------ c:\windows\system32\aamd532.dll
2009-03-14 14:51 . 2009-03-15 13:02 <DIR> d-------- c:\program files\Game Accelerator
2009-03-13 22:46 . 2009-03-26 22:32 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Microsoft Games
2009-03-11 00:24 . 2008-04-13 20:12 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-10 00:41 . 2009-03-10 00:56 <DIR> d-------- c:\program files\BurnAware Professional
2009-03-10 00:20 . 2009-03-10 00:20 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Corel
2009-03-10 00:20 . 2009-03-15 15:43 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-10 00:20 . 2009-03-10 00:20 8 -r-hs---- c:\documents and settings\All Users\Application Data\F832821169.sys
2009-03-10 00:17 . 2009-03-10 00:17 <DIR> d-------- c:\program files\Common Files\Corel
2009-03-10 00:16 . 2009-03-10 00:16 <DIR> d-------- c:\program files\Common Files\Protexis
2009-03-10 00:16 . 2009-03-10 00:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-03-10 00:05 . 2009-03-10 00:05 <DIR> d-------- c:\program files\Corel
2009-03-08 02:09 . 2009-03-08 02:10 <DIR> d-------- c:\program files\LimeWire
2009-03-07 23:38 . 2009-03-07 23:38 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Canneverbe_Limited
2009-03-04 11:03 . 2009-03-04 11:03 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Cakewalk
2009-03-04 10:55 . 2006-11-30 16:49 368,640 --a------ c:\windows\system32\ReWire.dll
2009-03-04 10:55 . 2004-04-13 15:48 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2009-03-04 10:53 . 2009-03-04 10:55 <DIR> d-------- c:\program files\Cakewalk
2009-03-04 10:53 . 2009-03-04 10:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cakewalk
2009-03-04 10:53 . 2009-03-29 19:17 <DIR> d-------- C:\Cakewalk Projects
2009-03-03 20:43 . 2009-03-03 20:43 <DIR> d-------- c:\program files\Lavalys
2009-03-02 20:24 . 2009-03-02 21:05 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\codeblocks
2009-03-02 20:23 . 2009-03-02 20:58 <DIR> d-------- c:\program files\CodeBlocks
2009-02-25 23:41 . 2009-02-25 23:41 1,061,188 --a------ c:\windows\system32\ah.mx1
2009-02-25 23:41 . 2009-02-25 23:41 564,736 --a------ c:\windows\system32\ah.scr
2009-02-25 23:41 . 2009-02-25 23:41 45,056 --a------ c:\windows\system32\sstunst3.exe
2009-02-25 23:41 . 2009-02-25 23:41 20,610 --a------ c:\windows\system32\ah.ibx
2009-02-25 22:35 . 2009-02-25 22:35 716,272 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-23 20:53 . 2009-02-23 20:53 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\IObit
2009-02-23 20:52 . 2009-02-23 20:52 <DIR> d-------- c:\program files\IObit
2009-02-23 20:49 . 2009-02-23 20:49 <DIR> d-------- c:\program files\Godlike Developers
2009-02-23 20:42 . 2009-03-29 19:12 <DIR> d-------- c:\program files\System Accelerator
2009-02-23 19:35 . 2009-02-23 19:35 19 --a------ c:\windows\system32\sysaccelerator
2009-02-23 18:35 . 2009-02-23 18:35 361,600 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-02-23 18:31 . 2009-02-23 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPS
2009-02-23 12:47 . 2009-02-23 12:52 249,856 --------- c:\windows\Setup1.exe
2009-02-23 12:46 . 2009-02-23 12:52 73,216 --a------ c:\windows\ST6UNST.EXE
2009-02-23 12:44 . 2009-02-23 12:45 <DIR> d-------- c:\program files\Brutal Chess
2009-02-22 23:24 . 2009-02-22 23:31 <DIR> d-------- c:\program files\WinBoard-4.2.7
2009-02-22 22:58 . 2009-02-22 22:58 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-22 20:54 . 2008-02-07 18:10 <DIR> d--h----- C:\ckis
2009-02-22 15:33 . 2009-02-22 15:33 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Red Alert 3
2009-02-22 15:20 . 2009-02-22 15:20 <DIR> dr-h----- c:\documents and settings\Matout's Family\Application Data\SecuROM
2009-02-22 15:20 . 2009-02-22 15:20 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-22 14:43 . 2009-02-22 14:43 <DIR> d-------- c:\windows\Logs
2009-02-22 14:43 . 2008-05-30 15:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-02-22 14:43 . 2007-07-19 19:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-02-22 14:43 . 2008-05-30 15:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-02-22 14:43 . 2007-07-19 19:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2009-02-22 14:43 . 2008-05-30 15:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-02-22 14:43 . 2007-07-19 19:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2009-02-21 00:10 . 2009-02-21 22:40 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Kasper-Key_Sharing_Networ
2009-02-21 00:00 . 2009-02-21 00:00 <DIR> d-------- c:\documents and settings\Matout's Family\Application Data\Kaspersky_Key_Finder_(KKF
2009-02-19 00:57 . 2009-02-19 01:00 <DIR> d-------- c:\program files\Packet Tracer 5.1
2009-02-18 08:38 . 2006-04-10 15:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2009-02-18 08:36 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-18 08:36 . 2008-04-13 14:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-17 19:38 . 2009-02-17 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-17 19:35 . 2009-02-17 19:37 <DIR> d-------- c:\program files\Common Files\HP
2009-02-17 19:30 . 2009-02-17 19:31 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-17 19:29 . 2009-02-17 19:29 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-17 19:26 . 2006-03-03 22:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2009-02-17 19:26 . 2006-03-03 22:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-02-17 19:26 . 2006-03-03 22:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-02-17 19:26 . 2006-03-03 22:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-02-17 19:26 . 2006-03-03 22:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-02-17 19:26 . 2006-03-03 22:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-02-17 19:22 . 2009-02-17 19:37 <DIR> d-------- c:\program files\HP
2009-02-17 18:16 . 2008-04-13 14:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-17 18:16 . 2008-04-13 14:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-17 18:16 . 2008-04-13 14:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-17 18:16 . 2008-04-13 14:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-17 18:07 . 2009-02-17 19:40 117,059 --a------ c:\windows\hpoins11.dat
2009-02-17 18:02 . 2006-04-12 20:04 49,664 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-02-17 18:02 . 2006-04-12 20:04 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2009-02-17 17:56 . 2006-04-12 20:02 827,392 --a------ c:\windows\system32\hpotiop2.dll
2009-02-17 17:56 . 2006-04-12 20:02 659,456 --a------ c:\windows\system32\hpowiax2.dll
2009-02-17 17:56 . 2006-04-12 20:04 282,624 --a------ c:\windows\system32\HPZc3212.dll
2009-02-17 17:56 . 2006-04-12 20:02 254,026 --a------ c:\windows\system32\hpovst09.dll
2009-02-17 17:56 . 2005-07-18 21:38 98,304 --a------ c:\windows\system32\hpzjsn01.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-22 03:14 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-22 02:10 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-16 23:38 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-12 03:41 --------- d-----w c:\documents and settings\Matout's Family\Application Data\LimeWire
2009-03-04 03:04 --------- d-----w c:\program files\Sony Setup
2009-03-04 01:42 --------- d-----w c:\program files\Sony
2009-03-04 01:42 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-02-27 21:53 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 22:35 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-02-21 02:27 --------- d-----w c:\program files\Windows Live
2009-02-15 23:16 --------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-02-10 00:21 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 02:27 --------- d-----w c:\documents and settings\Matout's Family\Application Data\Publish Providers
2009-02-01 02:25 --------- d-----w c:\documents and settings\Matout's Family\Application Data\Sony
2009-02-01 02:15 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-31 18:37 --------- d-----w c:\documents and settings\Matout's Family\Application Data\Sony Setup
2009-01-31 03:15 --------- d-----w c:\program files\MP3 Player Utilities 4.05
2009-01-25 04:47 65,549 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-25 04:47 6,120 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-25 04:47 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-01-12 23:54 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-08 01:53 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-08 01:53 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-07 03:10 558,142 ----a-w c:\windows\java\Packages\FNDJFLRF.ZIP
2009-01-07 03:10 155,995 ----a-w c:\windows\java\Packages\WS17ZHJ9.ZIP
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-12 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 15:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 18:31 27,904 ----a-w c:\windows\system32\uxtuneup.dll
2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll
.

------- Sigcheck -------

2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2002-08-28 13:58 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2009-02-23 18:35 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2009-02-23 18:35 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ramsaverpro27"="c:\program files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe" [2009-02-19 198688]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-26 321344]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-02 542136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-12-25 1227080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PCPerf"="c:\progra~1\PCACCE~1\pcperf.exe" [2006-05-19 311296]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-21 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoSMConfigurePrograms"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"DisableMyPicturesDirChange"= 0 (0x0)
"DisableMyMusicDirChange"= 0 (0x0)
"DisableFavoritesDirChange"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileUrl"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mssetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-01-07 703904]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-01-07 1267016]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-07 603904]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-01-07 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-01-07 257176]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S2 gupdate1c9b0b92681c60;Google Update Service (gupdate1c9b0b92681c60);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 133104]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-01-07 34080]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-12 33752]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-29 17:52]

2009-03-31 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 17:54]

2009-03-30 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 19:15]

2009-03-30 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-02-23 20:53]

2009-03-29 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2008-04-13 20:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = 201.13.18.210:80
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Matout's Family\Application Data\Mozilla\Firefox\Profiles\d66ur3vb.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: c:\documents and settings\Matout's Family\Application Data\Mozilla\Firefox\Profiles\d66ur3vb.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 21:28:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-1708537768-734180339-1003\Software\SecuROM\License information*]
"datasecu"=hex:05,6b,6f,d7,47,c7,91,1d,33,4f,6e,a4,1f,b2,15,4a,c1,1c,1f,35,82,
d3,54,b0,55,e9,fc,e2,ca,d2,8f,2f,e1,c2,4f,35,f1,10,ae,61,16,3c,59,e6,a8,5f,\
"rkeysecu"=hex:83,5c,59,ba,bb,b9,72,1e,c0,59,c7,c1,34,23,31,64
.
Completion time: 2009-03-30 21:32:47
ComboFix-quarantined-files.txt 2009-03-31 01:32:39
ComboFix2.txt 2009-03-26 00:43:47

Pre-Run: 15,147,503,616 bytes free
Post-Run: 15,418,454,016 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=,1,2,3
343 --- E O F --- 2009-03-14 20:40:17


Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:25 PM, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\PCACCE~1\pcperf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.13.18.210:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PCPerf] "C:\PROGRA~1\PCACCE~1\pcperf.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ramsaverpro27] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1231298603535
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9b0b92681c60) (gupdate1c9b0b92681c60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7428 bytes



My computer is running so-so.
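To read the HijackThis log above the way a responder would, here is an added example that is not part of HijackThis, ComboFix or any of the tools in this thread. It parses the "Oxx - ..." line format HijackThis uses and flags the two entries in the posted log that deserve attention first: the R1 ProxyServer value 201.13.18.210:80, which is a public address rather than the local machine, so Internet Explorer traffic is being relayed through an outside host unless the user set that proxy deliberately; and the O9 button {85e1f530-48f4-11d9-9629-08ff2ffc9f67} marked (no file), an orphaned entry that is safe to fix. The sample lines are copied from the log, except the [Updater] autorun line launching from a Temp directory, which is constructed (it does not appear in the posted log) to exercise a third common rule.

```python
"""Triage a HijackThis 2.0.x log for a few high-signal entries.

Added example for this thread; it is not part of HijackThis, ComboFix or
any forum tool. It parses the "Oxx - ..." line format shown in the posted
logs and flags three things a responder checks first:
  * an IE proxy (R1 ProxyServer) that points outside the local machine,
  * entries whose target file is gone ("(no file)"), which are safe to fix,
  * autorun (O4) entries launching from a Temp directory.
"""
import ipaddress
import re

# Constructed sample in HijackThis format. The proxy line and the orphaned
# O9 button are copied from the log posted above; the "[Updater]" O4 line is
# constructed (it is NOT in the posted log) to exercise the Temp-path rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.13.18.210:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>\S+)")
# O4 body looks like: HKLM\..\Run: [Name] "C:\path\prog.exe" args  (quotes optional)
O4_RE = re.compile(r'^HK[^:]*: \[(?P<name>[^\]]*)\] "?(?P<path>.+?\.exe)', re.I)


def parse_hjt(text):
    """Split a HijackThis log into (code, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def proxy_hosts(value):
    """Host part(s) of a ProxyServer registry value.

    The value is either "host:port" or a ";"-separated per-protocol list
    such as "http=host:port;https=host:port".
    """
    hosts = []
    for item in value.split(";"):
        item = item.split("=", 1)[-1]
        host = item.rsplit(":", 1)[0] if ":" in item else item
        if host:
            hosts.append(host)
    return hosts


def is_external(host):
    """True when the proxy host is not this machine or a private network.

    A proxy on a public address relays every Internet Explorer request,
    including plain-text logins, through somebody else's server.
    """
    if host.lower() == "localhost":
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a DNS name we cannot classify offline: treat as external
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(text):
    """Return (code, reason, body) findings for the entries worth acting on."""
    findings = []
    for code, body in parse_hjt(text):
        m = PROXY_RE.search(body)
        if code == "R1" and m:
            for host in proxy_hosts(m.group("value")):
                if is_external(host):
                    findings.append((code, f"IE proxy points at external host {host}", body))
        if body.endswith("(no file)"):
            findings.append((code, "entry references a file that no longer exists", body))
        if code == "O4":
            pm = O4_RE.match(body)
            if pm and "\\temp\\" in pm.group("path").lower():
                findings.append((code, "autorun launches from a Temp directory", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

To run it on a real log, replace SAMPLE_LOG with the contents of the saved HijackThis file. After any cleanup, re-check HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: the ProxyServer value should be gone and ProxyEnable should be 0 unless a proxy is used on purpose; if the external proxy comes back after a reboot, something still running on the machine is rewriting it.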

#5 shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 31 March 2009 - 09:02 PM

problems,

Thanks for the logs and information. More to do. :thumbsup:

Download SDFix and save it to your Desktop. Do not execute it.

Download Dr.Web CureIt to the desktop. Do not execute it.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Run SDFix as follows:
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
Boot your PC into Safe Mode, as before.

Run Dr.Web CureIt as follows:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon beside the files found: (screenshot not reproduced)
  • If so, click it, then click the next icon right below and select Move incurable as you'll see in the next image:
    (screenshot not reproduced)
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer, because files in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
Please post the SDFix Report.txt, the DrWeb.csv report, and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
shaferintl

Links to Free Tools I Use:
AVG Antivirus ... Adaware ... Spybot S&D ...
Spyware Blaster ... Zone Alarm Firewall ...
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#6 shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 13 April 2009 - 04:16 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



