Jump to content


Photo

HijackThis log - Help would be greatly appreciated


  • This topic is locked This topic is locked
12 replies to this topic

#1 Chris S

Chris S

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 05 December 2009 - 01:59 AM

I have had a few bouts of Antivirus System Pro recently and Malwarebytes seemed to do the trick. Since then, IE7 keeps redirecting me to random sites, my Task manager is empty when i control alt delete, and my system feels like its starting to get more sluggush. I run AVG Free. Malwarebytes and Adaware both say Im clean, but something is definitely wrong. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:44 AM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 esysprotector2009.microsoft.com
O1 - Hosts: 91.212.127.227 esysprotector2009.com
O1 - Hosts: 91.212.127.227 www.esysprotector2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://funschool.kab...vil_elves.html"
O4 - Startup: GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1226117883872
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {28ee365b-5ce2-437d-bf9d-04e8983ae4d1} - C:\WINDOWS\mark_32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8863 bytes

Thanks for your time.

#2 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 06 December 2009 - 03:29 AM

Hello Chris S. Welcome to SWI.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Please go to http://www.virustotal.com, click on Browse, and upload the following file for analysis: You will only be able to have one file scanned at a time.

C:\Program Files\Search Settings\SearchSettings.exe<<<this file.

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If virustotal is busy, please go to http://virusscan.jotti.org

Please download the HostsXpert.

  • Extract the HostsXpert.zip by doing the following:
  • Right-click HostsXpert.zip and select extract all - Follow the wizard and extract it to your Desktop
  • Click Finish, double-click the HostsXpert folder and then double-click HostsXpert.exe
  • Press File Handling.
  • Press Restore MS Hosts File and press OK.
  • Exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Please download TFC.exe - Temp File Cleaner by OldTimer:
  • Save it to your Desktop.
  • Close any open windows, save your work,
  • Double click the TFC icon to run the program,
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish it's job,
  • Once it's finished, click OK to reboot.
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt, Security check report, VirusTotal result, and a fresh HijackThis log in your next reply for further review.


Rocket Grannie
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#3 Chris S

Chris S

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 06 December 2009 - 12:29 PM

Please see below...had some issues when trying to post log

Edited by Chris S, 06 December 2009 - 12:39 PM.


#4 Chris S

Chris S

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 06 December 2009 - 12:29 PM

Please see below...had some issues when trying to post log

Edited by Chris S, 06 December 2009 - 12:40 PM.


#5 Chris S

Chris S

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 06 December 2009 - 12:38 PM

Sorry about the above two posts...something crazy happened while i was posting.

Thanks in advance for the help Rocket Grannie. I followed your instructions and here are the logs:


VirusTotal
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.02 -
AhnLab-V3 5.0.0.2 2009.12.02 -
AntiVir 7.9.1.92 2009.12.02 -
Antiy-AVL 2.0.3.7 2009.12.02 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.02 -
AVG 8.5.0.426 2009.12.02 -
BitDefender 7.2 2009.12.02 -
CAT-QuickHeal 10.00 2009.12.02 -
ClamAV 0.94.1 2009.12.02 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.02 -
eSafe 7.0.17.0 2009.12.02 -
eTrust-Vet 35.1.7152 2009.12.02 -
F-Prot 4.5.1.85 2009.12.02 -
F-Secure 9.0.15370.0 2009.11.29 -
Fortinet 4.0.14.0 2009.12.02 -
GData 19 2009.12.02 -
Ikarus T3.1.1.74.0 2009.12.02 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.910 2009.12.02 -
Kaspersky 7.0.0.125 2009.12.02 -
McAfee 5819 2009.12.01 -
McAfee+Artemis 5819 2009.12.01 -
McAfee-GW-Edition 6.8.5 2009.12.02 -
Microsoft 1.5302 2009.12.02 -
NOD32 4655 2009.12.02 -
Norman 6.03.02 2009.12.02 -
nProtect 2009.1.8.0 2009.12.02 -
Panda 10.0.2.2 2009.12.02 -
PCTools 7.0.3.5 2009.12.02 -
Prevx 3.0 2009.12.02 -
Rising 22.24.02.09 2009.12.02 -
Sophos 4.48.0 2009.12.02 Mal/EncPk-CI
Sunbelt 3.2.1858.2 2009.12.02 -
Symantec 1.4.4.12 2009.12.02 -
TheHacker 6.5.0.2.083 2009.12.01 -
TrendMicro 9.100.0.1001 2009.12.02 -
VBA32 3.12.12.0 2009.12.02 -
ViRobot 2009.12.2.2068 2009.12.02 -
VirusBuster 5.0.21.0 2009.12.01 -

-----------------------------------------------------------
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG Free 8.5
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
HijackThis 2.0.2
Java™ 6 Update 15
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


----------------------------------------------------------------------------------------------------

ComboFix 09-12-06.01 - Administrator 12/06/2009 11:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2739 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\.#
c:\documents and settings\Administrator\Application Data\kuvafo.inf
c:\documents and settings\Administrator\Local Settings\Application Data\cityba.reg
c:\documents and settings\Administrator\Local Settings\Application Data\ygopa.bat
c:\documents and settings\All Users\Application Data\ajop.inf
c:\documents and settings\All Users\Application Data\aqyqu.inf
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll
c:\program files\Common Files\nyqyfewafu.reg
c:\program files\driver
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SeARchsettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Shared
c:\windows\ageq.scr
c:\windows\onywiro.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-05 05:52 . 2009-12-05 05:52 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-05 05:52 . 2009-12-05 05:52 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-05 05:52 . 2009-12-05 05:52 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-05 05:52 . 2009-12-05 05:52 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-05 05:52 . 2009-12-05 05:52 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-05 05:49 . 2009-12-05 05:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-05 05:49 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-05 05:49 . 2009-12-05 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-05 05:49 . 2009-12-05 05:49 -------- d-----w- c:\program files\Lavasoft
2009-12-05 05:34 . 2009-12-05 05:34 -------- d-----w- c:\program files\Trend Micro
2009-12-05 01:48 . 2009-12-05 01:48 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-01 02:50 . 2009-12-01 02:50 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-25 18:42 . 2009-11-07 00:50 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-14 23:51 . 2009-11-15 01:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\malply
2009-11-12 23:33 . 2009-11-12 23:33 -------- d-----w- C:\ATI
2009-11-12 00:22 . 2009-11-12 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2009-11-12 00:04 . 2009-11-12 00:13 -------- d-----w- c:\program files\Dragon Age
2009-11-12 00:04 . 2009-11-12 00:19 -------- d-----w- c:\program files\Common Files\BioWare

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 17:11 . 2009-08-13 16:57 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-12-06 05:40 . 2009-03-25 01:27 -------- d-----w- c:\program files\Steam
2009-12-05 01:48 . 2009-10-03 00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 22:14 . 2009-10-03 00:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-10-03 00:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 04:23 . 2008-04-14 04:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-12 00:20 . 2008-10-22 01:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-12 00:19 . 2009-06-28 22:42 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-11 23:39 . 2008-11-08 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 01:40 . 2009-05-04 22:50 -------- d-----w- c:\program files\Java
2009-10-20 01:37 . 2009-10-02 01:11 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-19 05:20 . 2009-10-19 03:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-10-19 03:50 . 2009-10-19 03:50 -------- d-----w- c:\program files\uTorrent
2009-10-17 04:31 . 2009-10-17 04:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Search Settings
2009-10-17 01:23 . 2009-10-17 01:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-10-17 01:21 . 2009-10-17 01:21 -------- d-----w- c:\program files\VideoLAN
2009-10-09 21:07 . 2009-10-09 21:07 -------- d-----w- c:\program files\Coupons
2009-10-06 20:30 . 2008-09-19 04:45 17080 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 00:46 . 2009-10-06 00:46 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-10-03 00:29 . 2009-10-03 00:29 17725 ----a-w- c:\windows\system32\osoxy.bin
2009-10-03 00:29 . 2009-10-03 00:29 14769 ----a-w- c:\windows\system32\arivudeno.com
2009-10-03 00:29 . 2009-10-03 00:29 16001 ----a-w- c:\windows\system32\secuduny.exe
2009-10-02 21:01 . 2009-10-02 21:01 12186 ----a-w- c:\windows\system32\ukeriqu.bin
2009-10-02 21:01 . 2009-10-02 21:01 19044 ----a-w- c:\documents and settings\Administrator\Application Data\faqiv.dat
2009-10-02 21:01 . 2009-10-02 21:01 14206 ----a-w- c:\windows\eryn.sys
2009-10-02 21:01 . 2009-10-02 21:01 14123 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\uhujejah.exe
2009-10-02 21:01 . 2009-10-02 21:01 13567 ----a-w- c:\documents and settings\Administrator\Application Data\qofewukape.dll
2009-10-02 21:01 . 2009-10-02 21:01 13567 ----a-w- c:\documents and settings\Administrator\Application Data\qofewukape.dll
2009-10-02 21:01 . 2009-10-02 21:01 12516 ----a-w- c:\documents and settings\Administrator\Application Data\lixynej.bin
2009-10-02 21:01 . 2009-10-02 21:01 11134 ----a-w- c:\program files\Common Files\itibaj.sys
2009-10-02 21:01 . 2009-10-02 21:01 10735 ----a-w- c:\documents and settings\All Users\Application Data\urusuvihu.exe
2009-10-02 21:01 . 2009-10-02 21:01 10735 ----a-w- c:\documents and settings\All Users\Application Data\urusuvihu.exe
2009-10-02 21:01 . 2009-10-02 21:01 14552 ----a-w- c:\program files\Common Files\yqob.lib
2009-09-25 22:35 . 2008-09-19 04:39 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-09-23 22:59 . 2008-07-04 06:33 4481024 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-09-23 22:39 . 2008-09-19 04:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:38 . 2008-07-04 03:23 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-23 22:21 . 2008-07-04 03:14 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:21 . 2008-07-04 03:14 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:21 . 2008-07-04 03:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-23 22:20 . 2008-07-04 03:13 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:20 . 2008-07-04 03:13 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-23 22:19 . 2008-07-04 03:12 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-23 22:17 . 2008-07-04 03:10 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-23 22:11 . 2008-09-19 04:39 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-23 22:09 . 2008-07-04 03:00 3506080 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-23 21:58 . 2009-09-23 21:58 12644352 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:53 . 2008-07-04 02:49 2096384 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-23 21:53 . 2008-09-19 04:39 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-23 21:53 . 2008-09-19 04:39 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-09-23 21:36 . 2009-09-23 21:36 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2008-07-04 02:34 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:32 . 2008-07-04 02:30 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:30 . 2008-07-04 02:29 167936 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:29 . 2008-07-04 02:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-23 21:29 . 2009-09-23 21:29 3489792 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:28 . 2008-07-04 02:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-23 21:27 . 2008-07-04 03:06 401408 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-23 21:23 . 2008-07-04 02:22 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-23 12:55 . 2009-12-05 05:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 14:18 . 2008-04-14 09:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-24 16859648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-25 2029336]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD.lnk - c:\program files\GIGABYTE\Gamer HUD\HUD.exe [2008-6-26 1940992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-19 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 02:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\ram1us\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\RoM_Downloader.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\YuLeech-RunesofMagic2_0_1_1821-en.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/4/2009 11:53 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/19/2008 7:24 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/19/2008 7:24 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/8/2008 11:04 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [11/7/2008 10:40 PM 6272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/19/2008 7:24 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/19/2008 7:24 PM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1184912]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\drivers\L6TPortGX.sys [9/2/2009 10:04 PM 531456]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/11/2009 6:13 PM 25832]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: line6.net
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Steam App 10180 - c:\program files\Steam\steam.exe steam://uninstall/10180
AddRemove-Steam App 10190 - c:\program files\Steam\steam.exe steam://uninstall/10190
AddRemove-Steam App 220 - c:\program files\Steam\steam.exe steam://uninstall/220
AddRemove-Steam App 380 - c:\program files\Steam\steam.exe steam://uninstall/380
AddRemove-Steam App 420 - c:\program files\Steam\steam.exe steam://uninstall/420
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe steam://uninstall/440
AddRemove-Steam App 500 - c:\program files\Steam\steam.exe steam://uninstall/500



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 11:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1659004503-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,80,80,43,fb,b4,8b,49,af,93,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,80,80,43,fb,b4,8b,49,af,93,42,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-12-06 11:21
ComboFix-quarantined-files.txt 2009-12-06 17:21

Pre-Run: 117,625,724,928 bytes free
Post-Run: 117,593,690,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C13852D64E95BDD556EC24E3DEB86310

-----------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:38 AM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1226117883872
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6785 bytes

Edited by Chris S, 06 December 2009 - 12:40 PM.


#6 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 07 December 2009 - 03:24 PM

Hello Chris S

something crazy happened while i was posting.

Gremlins??

Thatís looking better, but more to do yet.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Using Windows Explorer, please navigate to c:\documents and settings\Administrator\Application Data\Search Settings and delete the folder Search Settings

This entry O15 - Trusted Zone: *.line6.net is in the Trusted Zone.

Trusted Zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge.
It is therefore a popular setting for malware sites to use so that future infections can be easily installed on your computer without your knowledge as these sites will be in the Trusted Zone.
I suggest you remove this entry from the Trusted Zone as it is unnecessary to have it there.

Next, please run a GMER Rootkit scan:

Download GMER from here

Unzip it to the Desktop.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.
http://www.gmer.net/files.php

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.
Posted Image

Click on Scan (1).
Posted Image

When the scan is finished click Copy (2) and paste the results (if any) into this thread

Please use the Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply along with a fresh HJT log.
And let me know how the computer is performing now.


Rocket Grannie
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#7 Chris S

Chris S

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 08 December 2009 - 01:10 AM

And those were Gremlins, and they were in my fingers. My typing leaves a lot to be desired and I hit some keys that started posting things...hehe.

Here are the logs as requested...things seem to be ok although I really havent gone online much. Kinda waiting until we are complete.

----------------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15272 - http://www.gmer.net
Rootkit scan 2009-12-07 22:51:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwpoikog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5166000, 0x21F557, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----



--------------------------------------------------------------------------------------------------------------------------------------

BitDefender Online Scanner
Scan report generated at: Mon, Dec 07, 2009 - 23:55:14

Scan path: A:\;C:\;D:\;

Statistics
Time 00:56:25
Files 264427
Folders 13451
Boot Sectors 0
Archives 2825
Packed Files 21032

Results
Identified Viruses 0
Infected Files 0
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 0

Engines Info
Virus Definitions 4703405
Engine build AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)
Scan plugins 17
Archive plugins 44
Unpack plugins 8
E-mail plugins 6
System plugins 4

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
No virus found.


-------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:56 AM, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1226117883872
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8239 bytes

Edited by Chris S, 08 December 2009 - 01:10 AM.


#8 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 08 December 2009 - 04:39 AM

Hello Chris S

My typing leaves a lot to be desired and I hit some keys that started posting things...hehe.

:worm: :rofl:

things seem to be ok although I really havent gone online much. Kinda waiting until we are complete.

Youíll have your chance to test it out in this post.

The good news is your logs appear to be clean!

AVG is out of date. The latest version is AVG9.
Please upgrade it, run a scan and let it fix anything it finds.

I do not see a firewall in your logs.

Some good free firewalls are:
Be sure to only install one.
A tutorial on understanding and using firewalls may be found here

Note: Windows firewall only offers one way protection. It does not monitor outgoing traffic.

You are using an obsolete version of Internet Explorer. I strongly recommend updating to the latest version, Internet Explorer 8.
Newer versions address many software vulnerabilities found in older versions, and include greater security features to protect your computer.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.


Download and save to your Desktop the latest version of the Java Runtime Environment (JRE) from here.

Please download JavaRa and unzip it to your Desktop.

***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted.
  • When JavaRa is finished, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Finally, install the Java you downloaded earlier.

Adobe Reader is out of date and older versions contain vulnerabilities. Please download the newest version from here
Please uncheck Google toolbar unless you want to download it.

Please consider using an alternate pdf viewer. Sumatra PDF is a very good alternative.
Sumatra PDF is a slim, free and open-source pdf viewer.

Please remove all older versions of Adobe.
When you are finished, install the new version.

Please let me know how the updates go, and if any problems remain.


Rocket Grannie.
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#9 Chris S

Chris S

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 08 December 2009 - 08:48 PM

Well...I think I'm in good shape. Things seem to be OK.

Thanks for all the help RG and your timely responses!!!

#10 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 09 December 2009 - 09:26 AM

Hello Chris S.

Well...I think I'm in good shape. Things seem to be OK.

Thatís great!

Thanks for all the help RG and your timely responses!!!

You are welcome.

Now, you need to uninstall ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: The space between x and / is needed.

Please delete the Security Check folder on the Desktop.
Please delete the Gmer folder on the Desktop.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

Note: All of the programs I am suggesting are either free or have free versions.

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product may be found here

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware from being installed.
Please set your anti-virus and anti-spyware programs to check for updates automatically. If the programs are not able to update automatically, then I suggest you manually check for updates every few days.

Windows needs to be kept up-to-date.

Windows Updates are available from here

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here
Opera is available here

PLEASE NOTE:

A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems!

Safe Surfing:

Rocket Grannie.
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#11 Chris S

Chris S

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 09 December 2009 - 07:45 PM

Should be done. I have mozilla installed, stuck with avg 9 (unless you think there is a good reason to go with Avast), have Outpost as my firewall (i tried Online Armor but it makes Steam crash when you close applications...a known bug), and have Spywareblaster running.

I guess the only other question I have is can I have Spybot S&D running with Spywareblaster at the same time. I think I read that Spybot and Spywareguard cant be run at the same time...but not sure about Spybot and Spywareblaster.

Thanks again RG...much appreciated!

#12 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 09 December 2009 - 09:49 PM

Hello Chris S

Spyware Blaster, IE-Spyad and another free program from PCTools named ThreatFire are passive scanners.
This means they can be run with any resident scanners such as SpyBot---MBAM---Spyware Guard.

Hope this helps.


Rocket Grannie
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#13 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 19 December 2009 - 05:10 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button