skwid

Google Redirect

10 posts in this topic

I have recently acquired a Google Redirect issue. I am using Mozilla Firefox. I have done a complete system scan with AVG 8.5, a complete scan with Ad-Aware 2008, and an entire system scan with Malwarebytes. Everything says I am clean, but I am still having the issue. My computer is running terribly slow compared to normal. Any help would be greatly appreciated.

 

My HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:57:22 PM, on 7/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe

C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)

O2 - BHO: (no name) - {B2A8AB16-388D-3D08-D827-3AE6728559C7} - C:\WINDOWS\system32\pqkcx.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zach Howen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163497066187

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

 

--

End of file - 7612 bytes


Hi,

 

Please post the log from Malwarebytes in your next reply.


This was my first one. Had a few things there.

 

Malwarebytes' Anti-Malware 1.38

Database version: 2357

Windows 5.1.2600 Service Pack 2

 

6/30/2009 9:22:05 PM

mbam-log-2009-06-30 (21-22-05).txt

 

Scan type: Quick Scan

Objects scanned: 110711

Time elapsed: 7 minute(s), 59 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 5

Registry Data Items Infected: 2

Folders Infected: 6

Files Infected: 6

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b9f6e8eb-a4e3-478e-88a4-d3995b5c45c8} (Adware.PurityScan) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{2076d8f5-08ce-1033-0714-060814060001} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{2076d8f5-08cf-1033-0714-060814060001} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{2076d8f5-08d9-1033-0714-060814060001} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{2076d8f5-08da-1033-0714-060814060001} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

 

Folders Infected:

C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

 

Files Infected:

c:\documents and settings\zach howen\local settings\temporary internet files\Content.IE5\CBWJQ3UB\load[1].php (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.

c:\windows\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

c:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\zach howen\local settings\Temp\opr439.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.

 

This is the last one I ran.

 

Malwarebytes' Anti-Malware 1.38

Database version: 2357

Windows 5.1.2600 Service Pack 2

 

7/1/2009 12:32:57 PM

mbam-log-2009-07-01 (12-32-57).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 189853

Time elapsed: 48 minute(s), 29 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Hi,

 

Please update, because the database version is outdated.

Then rerun the scan again and post the log in your next reply. Also post a new HijackThis log in your next reply, after running the updated Malwarebytes and rebooting.


Malwarebytes' Anti-Malware 1.38

Database version: 2377

Windows 5.1.2600 Service Pack 2

 

7/5/2009 6:09:38 PM

mbam-log-2009-07-05 (18-09-38).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 173270

Time elapsed: 24 minute(s), 48 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:10:46 PM, on 7/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

O2 - BHO: (no name) - {B2A8AB16-388D-3D08-D827-3AE6728559C7} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zach Howen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163497066187

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

 

--

End of file - 7258 bytes


Hi,

 

* Please visit this webpage for instructions for downloading and running ComboFix:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Post the log from ComboFix in your next reply.

 

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


ComboFix 09-07-05.04 - Zach Howen 07/06/2009 7:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3086 [GMT -5:00]

Running from: c:\documents and settings\Zach Howen\Desktop\DLs\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\progra~1\COMMON~1\{2076D~1

c:\progra~1\COMMON~1\{2076D~2

c:\progra~1\COMMON~1\{2076D~3

c:\progra~1\COMMON~1\{2076D~4

c:\progra~1\COMMON~1\{21E4D~1

c:\progra~1\COMMON~1\{3076D~1

c:\progra~1\COMMON~1\{3076D~1\Uninst.exe

c:\program files\Common Files\racle~1

c:\program files\Common Files\stem32~1

c:\program files\Common Files\ystem3~1

c:\program files\dobe~1

c:\windows\system32\crosof~1.net

c:\windows\system32\dobe~1

c:\windows\system32\drivers\hjgruiddrwoyin.sys

c:\windows\system32\hjgruidmxttlmj.dll

c:\windows\system32\hjgruiepvfaisv.dat

c:\windows\system32\hjgruipxlpptws.dll

c:\windows\system32\hjgruiyesvnclq.dat

c:\windows\system32\stem~1

c:\windows\system32\unsvchosts.lzma

c:\windows\system32\ystem~1

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_hjgruiwkdnhsao

 

 

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))

.

 

2009-07-06 08:00 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2009-07-05 19:17 . 2009-07-05 19:17 -------- d-----w- c:\program files\CCleaner

2009-07-05 19:15 . 2009-07-05 19:15 -------- d-----w- C:\!KillBox

2009-07-01 02:13 . 2009-07-01 02:13 -------- d-----w- c:\documents and settings\Zach Howen\Application Data\Malwarebytes

2009-07-01 02:12 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-01 02:12 . 2009-07-01 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-01 02:12 . 2009-07-01 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-01 02:12 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-01 00:46 . 2009-07-01 00:48 -------- d-----w- c:\documents and settings\Zach Howen\Local Settings\Application Data\Temp

2009-07-01 00:41 . 2009-07-01 00:41 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-01 00:41 . 2009-07-01 00:41 152576 ----a-w- c:\documents and settings\Zach Howen\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-07-01 00:31 . 2009-06-30 23:17 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-06-30 23:16 . 2009-06-30 23:16 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-06-30 23:16 . 2009-06-30 23:16 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-06-30 23:11 . 2009-06-30 23:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-06-30 23:11 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

2009-06-30 23:11 . 2009-06-30 23:11 -------- d-----w- c:\program files\Lavasoft

2009-06-30 21:37 . 2009-07-01 01:15 -------- d--h--w- C:\$AVG8.VAULT$

2009-06-30 21:18 . 2009-06-30 21:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-30 21:18 . 2009-06-30 21:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-06-30 21:18 . 2009-06-30 21:18 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-30 21:18 . 2009-07-05 22:08 -------- d-----w- c:\windows\system32\drivers\Avg

2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\program files\AVG

2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-06-30 13:48 . 2009-07-01 13:43 -------- d-----w- c:\program files\World of Warcraft Public Test

2009-06-30 03:51 . 2009-06-30 21:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-24 23:21 . 2009-06-24 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore

2009-06-23 05:36 . 2009-06-23 05:36 -------- d-----w- c:\program files\MSXML 4.0

2009-06-23 01:08 . 2009-06-23 01:08 -------- d-----w- c:\documents and settings\Zach Howen\dwhelper

2009-06-23 00:49 . 2009-06-23 00:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio

2009-06-23 00:26 . 2009-06-23 00:26 -------- d-----w- c:\documents and settings\Zach Howen\Application Data\Roxio

2009-06-23 00:25 . 2009-06-24 23:25 256 ----a-w- c:\windows\system32\pool.bin

2009-06-23 00:25 . 2009-06-23 00:25 -------- d-----w- c:\documents and settings\Zach Howen\Application Data\Research In Motion

2009-06-23 00:21 . 2009-06-23 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2009-06-23 00:20 . 2009-06-23 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2009-06-23 00:18 . 2009-06-23 00:18 -------- d-----w- c:\program files\Common Files\Sonic Shared

2009-06-23 00:18 . 2009-06-23 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio

2009-06-23 00:18 . 2009-06-23 00:19 -------- d-----w- c:\program files\Roxio

2009-06-23 00:18 . 2009-06-23 00:19 -------- d-----w- c:\program files\Common Files\Roxio Shared

2009-06-23 00:14 . 2007-01-18 15:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys

2009-06-23 00:14 . 2009-06-23 00:14 -------- d-----w- c:\program files\Common Files\Research In Motion

2009-06-23 00:13 . 2009-06-23 00:13 -------- d-----w- c:\program files\Research In Motion

2009-06-23 00:10 . 2009-06-23 00:10 -------- d-sh--w- c:\windows\ftpcache

2009-06-21 23:48 . 2009-07-01 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-06-20 20:21 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-06-20 20:21 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll

2009-06-20 20:21 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-06-20 20:21 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-06-20 20:21 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-06-20 20:21 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-06-20 20:21 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-06-20 20:21 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-06-20 20:21 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-06-20 16:41 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-06 12:46 . 2006-11-11 20:47 91208 ----a-w- c:\documents and settings\Zach Howen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-06 08:00 . 2009-07-06 08:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-07-05 20:14 . 2007-11-18 06:09 -------- d-----w- c:\documents and settings\Zach Howen\Application Data\uTorrent

2009-07-01 02:04 . 2006-12-11 02:18 -------- d-----w- c:\program files\Trend Micro

2009-07-01 00:42 . 2007-01-08 01:20 -------- d-----w- c:\program files\Cognaxon

2009-07-01 00:41 . 2006-12-15 19:25 -------- d-----w- c:\program files\Java

2009-06-30 22:58 . 2007-05-12 07:25 -------- d-----w- c:\documents and settings\Zach Howen\Application Data\Viewpoint

2009-06-30 22:58 . 2006-11-11 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-06-30 22:58 . 2006-11-11 09:52 -------- d-----w- c:\program files\Viewpoint

2009-06-30 22:57 . 2006-12-10 21:00 -------- d-----w- c:\program files\ICQLite

2009-06-30 22:55 . 2006-11-11 20:51 -------- d-----w- c:\program files\AMD

2009-06-30 22:55 . 2008-03-23 05:30 -------- d-----w- c:\program files\BitComet

2009-06-30 22:55 . 2007-11-17 22:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-06-30 14:22 . 2006-11-11 09:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2009-06-27 00:01 . 2007-06-30 02:50 -------- d-----w- c:\documents and settings\Zach Howen\Application Data\U3

2009-06-24 23:21 . 2007-06-09 04:17 -------- d-----w- c:\program files\AIM6

2009-06-24 23:20 . 2006-11-11 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2009-05-09 06:14 . 2007-06-22 17:34 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll

2009-05-09 06:14 . 2009-05-09 06:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys

2009-05-07 15:44 . 2001-08-23 12:00 344064 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:52 . 2001-08-23 12:00 659456 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:52 . 2006-11-11 20:42 81920 ------w- c:\windows\system32\ieencode.dll

2009-04-17 09:58 . 2001-08-23 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 15:11 . 2001-08-23 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"Google Update"="c:\documents and settings\Zach Howen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-01 148888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-15 257088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-2 805392]

NETGEAR WG311v3 Wireless Assistant.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2008-6-9 2238]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-30 21:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"=KORGUMDD.DRV

"midi4"=KORGUMDD.DRV

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\Common Files\\AOL\\1163238723\\ee\\aim6.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=

"c:\\Program Files\\Steam\\steamapps\\z3k3013\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1163238723\\ee\\aolsoftware.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"20429:TCP"= 20429:TCP:BitComet 20429 TCP

"20429:UDP"= 20429:UDP:BitComet 20429 UDP

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2009 6:17 PM 64160]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2009 4:18 PM 327688]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/30/2009 4:18 PM 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/30/2009 4:18 PM 298776]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 2:55 PM 34944]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [12/20/2005 2:07 AM 14976]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

.

Contents of the 'Scheduled Tasks' folder

 

2009-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:17]

 

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]

 

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2139871995-839522115-1003Core.job

- c:\documents and settings\Zach Howen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 00:46]

 

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2139871995-839522115-1003UA.job

- c:\documents and settings\Zach Howen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 00:46]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{B2A8AB16-388D-3D08-D827-3AE6728559C7} - (no file)

HKCU-Run-Aim6 - (no file)

HKCU-Run-Steam - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Zach Howen\Application Data\Mozilla\Firefox\Profiles\sdu0x59s.default\

FF - prefs.js: browser.search.selectedEngine - Thottbot WoW

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: c:\documents and settings\Zach Howen\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-06 08:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\docume~1\ZACHHO~1\LOCALS~1\Temp\RGI1.tmp 7075 bytes

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(972)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

 

- - - - - - - > 'lsass.exe'(1028)

c:\windows\system32\nvappfilter.dll

.

Completion time: 2009-07-06 8:03

ComboFix-quarantined-files.txt 2009-07-06 13:03

 

Pre-Run: 35,328,069,632 bytes free

Post-Run: 36,245,512,192 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

 

249 --- E O F --- 2009-07-06 08:00


Hi,

 

* Go to start > run and copy and paste the next command in the field:

 

ComboFix /u

 

Make sure there's a space between Combofix and /

Then hit enter.

 

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

 

Let me know in your next reply how things are now.


I apologize for taking so long to get back on here. Everything is working fantastic! Thank you so very much!


Glad I could help. :)

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

 

Happy Surfing again!
