All sites '..has timed out'

hijack p Privitize VPN ..has timed out

  • This topic is locked
17 replies to this topic

#1 xmas70

Posted 08 January 2013 - 04:25 AM

Something similar happened to me, as in the topic 'Infected with Privitize VPN'.
I accidentally downloaded the Privitize VPN program.
I deleted it from Add/Remove Programs about the next day, when I realized that all of my browsers say, for every URL:
'took too long to respond' or '..has timed out' .

One of my programs updated itself successfully, so my Internet is okay
(and my wife's computer uses the same modem and router, and it is OK).

I had this problem even if I used Wi-Fi: I reached one site, then the second '..has timed out'..

 

I read the similar topics about this problem
and realized that my browsers work again
for a while if I set the registry as suggested:
 

and
 

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reset TCP/IP stack to installation defaults. netsh int ip reset reset.log
-----
But it is not a permanent solution, and MBAM found this:
'PUM.Hijack.StartMenu'
Help me, please!
Thanks in advance!

Here is the Malwarebytes log:


--------

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.05.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ATTILA :: PC270922491494 [administrator]

Protection: Disabled

2013.01.05. 22:08:40
MBAM-log-2013-01-06 (01-54-22).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 488770
Time elapsed: 3 hour(s), 43 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\Documents and Settings\ATTILA\Local Settings\Application Data\Torch\User Data\Default\Cache\f_000021 (Adware.DirectDownload) -> No action taken.
C:\Documents and Settings\ATTILA\My Documents\My Videos\download.php (Adware.DirectDownload) -> No action taken.
C:\Documents and Settings\ATTILA\My Documents\My Videos\product_download.php (PUP.Adware.Agent) -> No action taken.
C:\Documents and Settings\ATTILA\My Documents\Downloads\ChessBase.11.2011 (1).exe (Adware.DirectDownload) -> No action taken.
C:\Documents and Settings\ATTILA\My Documents\Downloads\ChessBase_Opening_Encyclopaedia_2011.exe (PUP.Adware.Agent) -> No action taken.
C:\Documents and Settings\ATTILA\My Documents\Downloads\Chessbase_Opening_Encyclopedia_2012_Setup___Key.exe (PUP.Adware.Agent) -> No action taken.
C:\Documents and Settings\ATTILA\My Documents\Downloads\chess_romans_lab_102_killing_the_sicilian_with_the_grand_prix_attack.exe (PUP.Adware.MediaGet) -> No action taken.
C:\Documents and Settings\ATTILA\My Documents\Downloads\Excelling_At_Positional_Chess.exe (PUP.Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1674\A0327252.exe (Adware.DirectDownload) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1674\A0327253.exe (PUP.Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1674\A0327254.exe (PUP.Adware.Agent) -> No action taken.

(end)


---------

Here is the DDS log:

---------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by ATTILA at 0:04:44 on 2013-01-07
Microsoft Windows XP Home Edition  5.1.2600.3.1250.36.1033.18.895.274 [GMT 1:00]
.
AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: Norton Internet Worm Protection *Disabled*
FW: AVG Internet Security Business Edition 2012 *Enabled*
FW:  *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\System32\alg.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\program files\emsisoft anti-malware\a2guard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\programfiles\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com...rch/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: {C508C0E0-E49E-971D-43A0-510B40BCDA75} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe"  /DoAction
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://map2.index.hu/MGViewer/ActiveX/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 213.46.246.53 213.46.246.54
TCP: Interfaces\{9F986765-D737-4DE3-BC6E-B9108FAACF67} : DHCPNameServer = 213.46.246.53 213.46.246.54
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\progra~1\mocaflix\sprotector.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\attila\application data\mozilla\firefox\profiles\0a2atyl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\attila\local settings\application data\google\update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2013-1-3 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2013-1-3 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2013-1-3 11776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 26984]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009-8-29 27704]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-6-14 32768]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011-1-9 65856]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-17 54752]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2013-1-3 54072]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-6 21104]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2011-4-12 129304]
S1 1653946drv;1653946drv;c:\windows\system32\drivers\1653946drv.sys --> c:\windows\system32\drivers\1653946drv.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\attila\focivb\vcdrom.sys --> c:\attila\focivb\VCdRom.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-8-27 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S4 vsdatant;vsdatant; [x]
.
=============== File Associations ===============
.
ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe"
.
=============== Created Last 30 ================
.
2013-01-06 13:20:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 13:20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-06 00:55:14 -------- dc----w- C:\jan6
2013-01-03 22:38:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-01-02 23:33:53 -------- dc----w- C:\programfiles
2013-01-02 21:16:25 -------- dcsha-r- C:\cmdcons
2013-01-02 21:09:31 98816 ----a-w- c:\windows\sed.exe
2013-01-02 21:09:31 256000 ----a-w- c:\windows\PEV.exe
2013-01-02 21:09:31 208896 ----a-w- c:\windows\MBR.exe
2013-01-02 20:32:55 388096 ----a-r- c:\documents and settings\attila\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-01-02 20:32:35 -------- d-----w- c:\program files\Trend Micro
2013-01-02 17:55:12 -------- dc----w- C:\UZES
2013-01-01 01:33:05 -------- d-----w- c:\documents and settings\attila\local settings\application data\CRE
2012-12-31 23:59:35 -------- d-----w- c:\documents and settings\attila\local settings\application data\Torch
2012-12-31 23:55:23 -------- dc----w- c:\documents and settings\all users\application data\Zoomex
2012-12-31 23:47:50 -------- dc----w- c:\documents and settings\all users\application data\WoW Worldwide Software LTD
2012-12-31 23:47:05 -------- d-----w- c:\program files\Optimizer Pro
2012-12-31 20:36:41 -------- d-----w- c:\program files\Gophoto.it
2012-12-31 20:35:42 -------- d-----w- c:\program files\TornTV.com
2012-12-31 17:33:07 -------- dc----w- C:\DUPLUM_TOROLNI
2012-12-27 13:26:37 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-12-27 10:40:41 -------- d-----w- c:\program files\Astonsoft
2012-12-24 12:03:53 -------- dc----w- C:\csabatemp
2012-12-24 11:48:56 -------- d-----w- c:\documents and settings\attila\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-12-24 10:54:46 -------- dc----w- C:\Temp
2012-12-24 10:54:04 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-12-21 18:02:03 -------- d-----w- c:\documents and settings\attila\application data\RealNetworks
2012-12-21 17:46:55 -------- d-----w- c:\program files\RealNetworks
2012-12-21 17:46:43 -------- dc----w- c:\documents and settings\all users\application data\RealNetworks
2012-12-21 17:44:47 -------- d-----w- c:\program files\common files\xing shared
2012-12-21 17:43:25 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-12-21 17:42:44 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-12-13 13:30:28 5955856 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-12-11 20:05:31 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 20:07:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 20:07:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 05:46:16 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys.rmv
2012-11-09 05:46:16 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys.rmv
2012-11-08 16:33:44 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-26 19:14:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-26 19:14:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-26 19:14:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-26 19:14:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH:  0:08:05.98 ===============


---------------------------

 

Here is the security check log:
---------------------------
 Results of screen317's Security Check version 0.99.56 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
 AVG 2012    
 Sygate Personal Firewall   
 McAfee Security Scan Plus  
 AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Terminator 2012  
 Malwarebytes Anti-Malware version 1.70.0.1100 
 CCleaner (remove only)  
 Java 7 Update 9 
 Adobe Flash Player  11.5.502.135 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (17.0.1)
 Google Chrome 21.0.1180.83 
 Google Chrome 21.0.1180.89 
 Google Chrome 22.0.1229.79 
 Google Chrome 22.0.1229.92 
 Google Chrome 22.0.1229.94 
 Google Chrome 23.0.1271.64 
 Google Chrome 23.0.1271.91 
 Google Chrome 23.0.1271.95 
 Google Chrome 23.0.1271.97 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Emsisoft Anti-Malware a2service.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 emsisoft anti-malware a2guard.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


---------------------------


Here is the Hijack log:


---------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:08:35, on 2013.01.08.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\program files\emsisoft anti-malware\a2guard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\programfiles\totalcmd\TOTALCMD.EXE
C:\programfiles\totalcmd\TOTALCMD.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: SaveAs - {C508C0E0-E49E-971D-43A0-510B40BCDA75} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe"  /DoAction
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://aoc-bp.aegon...LL/extender.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://map2.index.hu...eX/mgaxctrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\PROGRA~1\MocaFlix\sprotector.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG tűzfal (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10) (gupdate1c9b988b8f0cf10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14255 bytes


---------------------------



#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,358 posts

Posted 08 January 2013 - 07:55 AM

Hello, Welcome to SpywareInfoForum
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.


Close all programs leaving only HijackThis running.  Place a check against each of the following, making sure you get them all and not any others by mistake:


O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SaveAs - {C508C0E0-E49E-971D-43A0-510B40BCDA75} - (no file)
O20 - AppInit_DLLs: c:\PROGRA~1\MocaFlix\sprotector.dll


Click on Fix Checked when finished and exit HijackThis.

Delete the folder in bold if found.
c:\PROGRA~1\MocaFlix

Restart the computer normally.

Post a fresh log for my review.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com...d/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java 7 Update 9


Java 7 update 10 introduces important new security controls
You can read about it here.
http://nakedsecurity...urity-controls/
===

Get the latest version of the  Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


Please post the logs and let me know what problem persists.
 


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
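Added example, not part of nasdaq's post or of HijackThis itself: a short Python triage that flags the two kinds of entries the fix list above consists of (entries whose target is `(no file)` and any `AppInit_DLLs` value), then re-checks a fresh log to confirm they are gone. The function names and the `FRESH_LOG` sample are constructed for illustration; `POSTED_LOG` reuses lines posted in this thread.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log and fix list posted in this thread.
POSTED_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SaveAs - {C508C0E0-E49E-971D-43A0-510B40BCDA75} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O20 - AppInit_DLLs: c:\PROGRA~1\MocaFlix\sprotector.dll
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
"""

# Constructed sample of a follow-up log: both orphaned BHOs are gone,
# but the AppInit_DLLs value is still set.
FRESH_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O20 - AppInit_DLLs: c:\PROGRA~1\MocaFlix\sprotector.dll
"""

# "O2 - ...", "O20 - ...", "R0 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # "orphaned" or "appinit"
    clsid: str     # upper-cased CLSID, or "" when the entry has none
    target: str    # file the entry points at, or "(no file)"
    line: str      # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, footer or blank line
        section, body = match.group("section"), match.group("body")
        clsid_match = CLSID_RE.search(body)
        clsid = clsid_match.group(0).upper() if clsid_match else ""
        if body.endswith("(no file)"):
            # Registration left behind after its file was removed.
            findings.append(Finding(section, "orphaned", clsid, "(no file)", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads
            # user32.dll, so any non-empty value is worth a look.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(section, "appinit", clsid, value, line))
    return findings


def finding_key(finding: Finding):
    """Identity of a finding that survives case and spacing differences."""
    return (finding.section, finding.clsid or finding.target.casefold())


def unresolved(before: List[Finding], fresh_log_text: str) -> List[Finding]:
    """Findings from the first log that still show up in the fresh log."""
    still_present = {finding_key(f) for f in triage(fresh_log_text)}
    return [f for f in before if finding_key(f) in still_present]


if __name__ == "__main__":
    first_pass = triage(POSTED_LOG)
    for f in first_pass:
        print(f"{f.section:4} {f.reason:9} {f.clsid or f.target}")
    for f in unresolved(first_pass, FRESH_LOG):
        print("still present:", f.line)
```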

#3 xmas70


Posted 09 January 2013 - 07:24 AM

Hi!

Thank you for your guide.

 

I did the 3 fixes with the HijackThis but I can't reach the Net via browsers.

The MAMB updated itself successfully.

Can I update my java or Adobe in another way?

 

Now I am trying to produce the logs but my first attempt failed: the MAMB scan didn't run in 8 hours

just sandglasses....

 

I will try it again.

 

bye



#4 nasdaq


Posted 09 January 2013 - 08:37 AM


Try this and see if your Internet connection returns.

Go to Start > Run box, type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

On my previous post I gave you instructions to search for AdWare PUP.

Download the tool and run it as I previously requested.

Then run it again to Delete the Adware.

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).


Keep me posted.

 


nasdaq


#5 xmas70


Posted 10 January 2013 - 05:49 AM

Hi!

 

I managed to create the new logs, and I have a new problem in my Firefox.
My start page is google.com, and if I try whether I can reach the Net the following happens:

Nonresponsive scripts windows are coming:

e.g.

'A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: resource://gophoto-at-gophoto-dot-it/api-utils/lib/cuddlefish.js -> resource://gophoto-at-gophoto-dot-it/api-utils/lib/sandbox.js -> resource://gophoto-at-gophoto-dot-it/api-utils/data/content-proxy.js:824

 

And I have no connection with the net but the MAMB can update itself.

How can I update my Java? Or should I wait till I reach the net via browsers?

 

Thank you in advance.


Here are the logs:

----------------------------------

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.09.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ATTILA :: PC270922491494 [administrator]

Protection: Disabled

2013.01.09. 20:00:28
mbam-log-2013-01-09 (20-00-28).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489440
Time elapsed: 5 hour(s), 15 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------------------------
DDS.tXT
-----------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by ATTILA at 7:00:33 on 2013-01-10
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\programfiles\totalcmd\TOTALCMD.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\program files\emsisoft anti-malware\a2guard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programfiles\totalcmd\TOTALCMD.EXE
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
c:\program files\real\realplayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com...rch/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe"  /DoAction
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://map2.index.hu/MGViewer/ActiveX/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 213.46.246.53 213.46.246.54
TCP: Interfaces\{9F986765-D737-4DE3-BC6E-B9108FAACF67} : DHCPNameServer = 213.46.246.53 213.46.246.54
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\attila\application data\mozilla\firefox\profiles\0a2atyl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\attila\local settings\application data\google\update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R? 1653946drv;1653946drv
R? Avgfwfd;AVG network filter service
R? fsssvc;Windows Live Family Safety Service
R? gupdate1c9b988b8f0cf10;Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10)
R? HTCAND32;HTC Device Driver
R? htcnprot;HTC NDIS Protocol Driver
R? MBAMService;MBAMService
R? McComponentHostService;McAfee Security Scan Component Host Service
R? SkypeUpdate;Skype Updater
R? vcdrom;Virtual CD-ROM Device Driver
R? vsdatant;vsdatant
S? a2acc;a2acc
S? a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? a2injectiondriver;a2injectiondriver
S? a2util;a-squared Malware-IDS utility driver
S? Avgfwdx;Avgfwdx
S? avgfws;AVG t
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? cdrblock;cdrblock
S? cpextender;Check Point SSL Network Extender
S? fssfltr;fssfltr
S? IFXTPM;IFXTPM
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? PassThru Service;Internet Pass-Through Service
S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
S? Skype C2C Service;Skype C2C Service
S? sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver
S? ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service
S? VNA;Check Point Virtual Network Adapter
S? vToolbarUpdater13.2.0;vToolbarUpdater13.2.0
S? WMDrive;WMDrive
.
=============== File Associations ===============
.
ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe"
.
=============== Created Last 30 ================
.
2013-01-07 21:37:18 -------- dc----w- C:\toolbarImages
2013-01-07 21:35:48 -------- d-----w- c:\documents and settings\attila\local settings\application data\Conduit
2013-01-06 23:20:58 -------- dc----w- c:\documents and settings\all users\application data\SaveAs
2013-01-06 13:20:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 13:20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-03 22:38:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-01-02 23:33:53 -------- dc----w- C:\programfiles
2013-01-02 21:16:25 -------- dcsha-r- C:\cmdcons
2013-01-02 21:09:31 98816 ----a-w- c:\windows\sed.exe
2013-01-02 21:09:31 256000 ----a-w- c:\windows\PEV.exe
2013-01-02 21:09:31 208896 ----a-w- c:\windows\MBR.exe
2013-01-02 20:32:55 388096 ----a-r- c:\documents and settings\attila\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-01-02 20:32:35 -------- d-----w- c:\program files\Trend Micro
2013-01-02 17:55:12 -------- dc----w- C:\UZES
2013-01-01 01:33:05 -------- d-----w- c:\documents and settings\attila\local settings\application data\CRE
2012-12-31 23:59:35 -------- d-----w- c:\documents and settings\attila\local settings\application data\Torch
2012-12-31 23:55:23 -------- dc----w- c:\documents and settings\all users\application data\Zoomex
2012-12-31 23:47:50 -------- dc----w- c:\documents and settings\all users\application data\WoW Worldwide Software LTD
2012-12-31 23:47:05 -------- d-----w- c:\program files\Optimizer Pro
2012-12-31 20:36:41 -------- d-----w- c:\program files\Gophoto.it
2012-12-31 17:33:07 -------- dc----w- C:\DUPLUM_TOROLNI
2012-12-27 13:26:37 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-12-27 10:40:41 -------- d-----w- c:\program files\Astonsoft
2012-12-24 12:03:53 -------- dc----w- C:\csabatemp
2012-12-24 11:48:56 -------- d-----w- c:\documents and settings\attila\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-12-24 10:54:46 -------- dc----w- C:\Temp
2012-12-24 10:54:04 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-12-21 18:02:03 -------- d-----w- c:\documents and settings\attila\application data\RealNetworks
2012-12-21 17:46:55 -------- d-----w- c:\program files\RealNetworks
2012-12-21 17:46:43 -------- dc----w- c:\documents and settings\all users\application data\RealNetworks
2012-12-21 17:44:47 -------- d-----w- c:\program files\common files\xing shared
2012-12-21 17:43:25 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-12-21 17:42:44 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-12-13 13:30:28 5955856 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2013-01-09 20:57:37 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:57:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 05:46:16 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys.rmv
2012-11-09 05:46:16 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys.rmv
2012-11-08 16:33:44 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-08 10:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-26 19:14:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-26 19:14:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-26 19:14:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-26 19:14:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH:  7:08:11.21 ===============


secureCheck: checkup.txt


 Results of screen317's Security Check version 0.99.56 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
 AVG 2012    
 Sygate Personal Firewall   
 McAfee Security Scan Plus  
 AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Terminator 2012  
 Malwarebytes Anti-Malware version 1.70.0.1100 
 CCleaner (remove only)  
 Java 7 Update 9 
 Adobe Flash Player  11.5.502.146 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (17.0.1)
 Google Chrome 21.0.1180.83 
 Google Chrome 21.0.1180.89 
 Google Chrome 22.0.1229.79 
 Google Chrome 22.0.1229.92 
 Google Chrome 22.0.1229.94 
 Google Chrome 23.0.1271.64 
 Google Chrome 23.0.1271.91 
 Google Chrome 23.0.1271.95 
 Google Chrome 23.0.1271.97 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Emsisoft Anti-Malware a2service.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 emsisoft anti-malware a2guard.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


-------------------------

HiJackThis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:28:56, on 2013.01.10.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\programfiles\totalcmd\TOTALCMD.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\program files\emsisoft anti-malware\a2guard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programfiles\totalcmd\TOTALCMD.EXE
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe"  /DoAction
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://aoc-bp.aegon...LL/extender.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://map2.index.hu...eX/mgaxctrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG tűzfal (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10) (gupdate1c9b988b8f0cf10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14047 bytes

 



#6 nasdaq


Posted 10 January 2013 - 08:55 AM

'A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: resource://gophoto-at-gophoto-dot-it/api-utils/lib/cuddlefish.js -> resource://gophoto-at-gophoto-dot-it/api-utils/lib/sandbox.js -> resource://gophoto-at-gophoto-dot-it/api-utils/data/content-proxy.js:824

 

Some issues are covered on this page. Try some of the fixes.

http://support.mozil...sponsive-script

I see in your DDS log that this Gophoto.it has a folder.
2012-12-31 20:36:41 -------- d-----w- c:\program files\Gophoto.it
What is this, and can you delete it?
It might also be an add-on or extension in your Firefox; if so, disable it.

===

Did you execute this as suggested in my last post?
If not please do it.
Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
===

Adobe Reader 9 Adobe Reader out of Date!
Go to this page.
http://www.adobe.com/ca/downloads/

On the right pane under Readers and Players
Download the Adobe reader.

Save the file, close all windows and programs and install it.

Look in your Add/Remove programs list and make sure you have only the latest version. If version 9 is still shown remove it.
===


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 xmas70


Posted 12 January 2013 - 06:11 AM

I tried everything you suggested and tested my internet connection.

I think almost everything is OK.


I summarize for the readers of this post what I have done.
After
ipconfig /flushdns
ipconfig /renew
my Internet connection returned.
(I repeated it once later, when the Internet disappeared after a shutdown, but now I think it is OK.)

I ran AdwCleaner.
I copy the log file at C:\AdwCleaner[Sn].txt (n is a number) at the end of this post.


>http://support.mozil...sponsive-script
These weren't useful, but what you said about c:\program files\Gophoto.it
and that it was an add-on, that helped.
There are no unresponsive messages.

I updated Java successfully.


Smaller problems:

1. It sometimes occurs that Firefox returns the message '...has timed out' while another browser
can see that page.
But after restarting Firefox everything is OK again.


2. When I upload the newer Adobe Reader and try to run it, something always deletes the exe file.
I turned off AVG, but something deleted the Adobe update exe file again.

Question:
What kind of programs do you suggest against malware and viruses?
Now I have AVG and Malwarebytes, but I felt sometimes they were fighting against each other.

Thank you very much for your help.

Here is the AdwCleaner log:

 

 

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 20:02:32
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ATTILA - PC270922491494
# Boot Mode : Normal
# Running from : C:\UZES\adwcleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\ATTILA\Application Data\Mozilla\Firefox\Profiles\0a2atyl6.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\VERA\Application Data\Mozilla\Firefox\Profiles\g22v7ale.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\MATE\Application Data\Mozilla\Firefox\Profiles\hd3xy699.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\GERGO\Application Data\Mozilla\Firefox\Profiles\17idr548.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\ZSU\Application Data\Mozilla\Firefox\Profiles\c9wluz1c.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\ATTILA\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.30] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.33] : keyword = "search.conduit.com",
Deleted [l.36] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]

File : C:\Documents and Settings\VERA\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"browser":{"check_default_browser":false},"countryid_at_install":18517,"default_search_provider":{"[...]

-\\ Opera v11.61.1250.0

File : C:\Documents and Settings\ATTILA\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\VERA\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\ZSU\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [122909 octets] - [03/01/2013 22:04:39]
AdwCleaner[S1].txt - [34579 octets] - [03/01/2013 22:05:48]
AdwCleaner[S2].txt - [3061 octets] - [10/01/2013 21:09:13]
AdwCleaner[S3].txt - [2393 octets] - [11/01/2013 20:02:32]

########## EOF - C:\AdwCleaner[S3].txt - [2453 octets] ##########



#8 nasdaq


Posted 12 January 2013 - 08:36 AM

Please download ComboFix from one of these locations:
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html
 
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 
Please post the log and we will take it from there.

nasdaq


#9 xmas70


Posted 14 January 2013 - 10:28 AM

Hi!

 

I ran ComboFix without any problems.

My experience is that after this run my browsers are working, but sometimes Firefox returns "...has timed out" even when
the site is available to other browsers (IE, Opera).

 

Thank you for the advice and here is the log:


ComboFix 13-01-13.01 - ATTILA 013.01.13. 22:26:45.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1033.18.895.427 [GMT 1:00]
Running from: c:\documents and settings\ATTILA\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security Business Edition 2012 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\1C3.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\1C4.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\1C5.tmp
C:\programfiles
c:\programfiles\totalcmd\CABRK.DLL
c:\programfiles\totalcmd\CGLPT64.SYS
c:\programfiles\totalcmd\CGLPT9X.VXD
c:\programfiles\totalcmd\CGLPTNT.SYS
c:\programfiles\totalcmd\DEFAULT.BAR
c:\programfiles\totalcmd\default.br2
c:\programfiles\totalcmd\descript.ion
c:\programfiles\totalcmd\FRERES32.DLL
c:\programfiles\totalcmd\HISTORY.TXT
c:\programfiles\totalcmd\KEYBOARD.TXT
c:\programfiles\totalcmd\LANGUAGE\WCMD_CHN.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_CHN.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_CHN.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_CZ.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_CZ.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_CZ.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_DAN.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_DAN.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_DAN.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_DEU.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_DEU.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_DEU.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_DUT.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_DUT.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_DUT.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_ENG.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_ESP.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_ESP.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_ESP.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_FRA.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_FRA.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_FRA.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_HUN.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_HUN.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_HUN.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_ITA.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_ITA.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_ITA.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_KOR.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_KOR.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_KOR.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_NOR.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_NOR.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_POL.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_POL.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_ROM.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_ROM.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_ROM.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_RUS.INC
c:\programfiles\totalcmd\LANGUAGE\WCMD_RUS.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_RUS.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_SK.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_SK.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_SVN.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_SVN.MNU
c:\programfiles\totalcmd\LANGUAGE\WCMD_SWE.LNG
c:\programfiles\totalcmd\LANGUAGE\WCMD_SWE.MNU
c:\programfiles\totalcmd\NO.BAR
c:\programfiles\totalcmd\NOCLOSE.EXE
c:\programfiles\totalcmd\NOCLOSE64.EXE
c:\programfiles\totalcmd\REGISTER.RTF
c:\programfiles\totalcmd\SFXHEAD.SFX
c:\programfiles\totalcmd\SHARE_NT.EXE
c:\programfiles\totalcmd\SIZE!.TXT
c:\programfiles\totalcmd\TCLZMA64.DLL
c:\programfiles\totalcmd\TCMADM64.EXE
c:\programfiles\totalcmd\TCMADMIN.EXE
c:\programfiles\totalcmd\TCMDLZMA.DLL
c:\programfiles\totalcmd\TCMDX32.EXE
c:\programfiles\totalcmd\TCMDX64.EXE
c:\programfiles\totalcmd\TCUNIN64.EXE
c:\programfiles\totalcmd\TCUNIN64.WUL
c:\programfiles\totalcmd\TCUNINST.EXE
c:\programfiles\totalcmd\TCUNINST.WUL
c:\programfiles\totalcmd\TCUNZL64.DLL
c:\programfiles\totalcmd\TCUNZLIB.DLL
c:\programfiles\totalcmd\TcUsbRun.exe
c:\programfiles\totalcmd\TOTALCMD.CHM
c:\programfiles\totalcmd\TOTALCMD.EXE
c:\programfiles\totalcmd\TOTALCMD.EXE.MANIFEST
c:\programfiles\totalcmd\TOTALCMD.INC
c:\programfiles\totalcmd\TOTALCMD64.EXE
c:\programfiles\totalcmd\TOTALCMD64.EXE.MANIFEST
c:\programfiles\totalcmd\UNACEV2.DLL
c:\programfiles\totalcmd\UNRAR.DLL
c:\programfiles\totalcmd\UNRAR64.DLL
c:\programfiles\totalcmd\UNRAR9X.DLL
c:\programfiles\totalcmd\WC32TO16.EXE
c:\programfiles\totalcmd\WCMICONS.DLL
c:\programfiles\totalcmd\WCMICONS.INC
c:\programfiles\totalcmd\WCMZIP32.DLL
c:\programfiles\totalcmd\WCMZIP64.DLL
c:\programfiles\totalcmd\WCUNINST.WUL
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-10 23:22 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-07 21:37 . 2013-01-07 21:37 -------- dc----w- C:\toolbarImages
2013-01-06 13:20 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 13:20 . 2013-01-06 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-03 22:38 . 2013-01-13 21:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-01-02 20:32 . 2013-01-02 20:32 388096 ----a-r- c:\documents and settings\ATTILA\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-02 20:32 . 2013-01-02 20:32 -------- d-----w- c:\program files\Trend Micro
2013-01-02 17:55 . 2013-01-11 19:19 -------- dc----w- C:\UZES
2013-01-01 01:33 . 2013-01-01 01:33 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\CRE
2012-12-31 23:59 . 2013-01-01 00:06 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\Torch
2012-12-31 23:47 . 2012-12-31 23:47 -------- dc----w- c:\documents and settings\All Users\Application Data\WoW Worldwide Software LTD
2012-12-31 23:47 . 2013-01-01 09:58 -------- d-----w- c:\program files\Optimizer Pro
2012-12-31 17:33 . 2012-12-31 18:00 -------- dc----w- C:\DUPLUM_TOROLNI
2012-12-27 13:26 . 2012-06-03 08:45 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-12-27 13:26 . 2012-12-27 13:26 -------- d-----w- c:\program files\CDBurnerXP
2012-12-27 10:41 . 2012-12-27 12:51 -------- d-----w- c:\documents and settings\ATTILA\Application Data\DeepBurner
2012-12-27 10:40 . 2012-12-28 10:07 -------- d-----w- c:\program files\Astonsoft
2012-12-24 12:03 . 2012-12-24 12:51 -------- dc----w- C:\csabatemp
2012-12-24 11:48 . 2012-12-24 11:48 -------- d-----w- c:\documents and settings\ATTILA\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-12-24 10:54 . 2012-12-24 10:54 -------- dc----w- C:\Temp
2012-12-24 10:54 . 2007-11-27 02:24 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-12-21 18:02 . 2012-12-21 18:02 -------- d-----w- c:\documents and settings\ATTILA\Application Data\RealNetworks
2012-12-21 17:46 . 2012-12-21 17:47 -------- d-----w- c:\program files\RealNetworks
2012-12-21 17:46 . 2012-12-21 17:46 -------- dc----w- c:\documents and settings\All Users\Application Data\RealNetworks
2012-12-21 17:44 . 2012-12-21 17:44 -------- d-----w- c:\program files\Common Files\xing shared
2012-12-21 17:43 . 2012-12-21 17:43 153296 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-12-21 17:42 . 2012-12-21 17:42 124056 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 20:57 . 2012-05-13 08:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:57 . 2011-05-25 06:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-04 06:39 . 2013-01-04 06:37 46678599 -c--a-w- C:\kviz.zip
2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 05:46 . 2012-11-09 05:46 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys.rmv
2012-11-09 05:46 . 2012-11-09 05:46 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys.rmv
2012-11-08 16:33 . 2012-08-30 18:27 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:01 . 2008-10-11 12:33 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 08:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-26 19:14 . 2012-06-21 15:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-26 19:14 . 2010-06-14 02:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-05 20:20 . 2012-12-05 20:19 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-20 12:22 257024 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-01 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-21 295072]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-10-17 3364264]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-10 00:38 806912 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-02-15 15:43 892928 ----a-w- c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\ATTILA\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"=
"c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012.04.19. 3:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011.09.13. 5:30 31952]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013.01.03. 23:38 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013.01.03. 23:38 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2013.01.03. 23:38 11776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011.10.07. 5:23 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011.07.11. 0:14 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012.08.30. 19:27 26984]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009.08.29. 21:44 27704]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012.06.14. 21:29 32768]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011.01.09. 20:56 65856]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013.01.03. 23:38 3084688]
R2 avgfws;AVG tűzfal;c:\program files\AVG\AVG2012\avgfws.exe [2012.06.13. 2:48 2321560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012.02.14. 3:53 193288]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2011.10.18. 17:24 355496]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013.01.06. 14:20 398184]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012.03.23. 13:25 87040]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012.11.29. 20:31 38608]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2012.06.14. 21:28 587472]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2013.01.03. 23:38 54072]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011.12.23. 12:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011.12.23. 12:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011.12.23. 12:32 17232]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005.10.21. 12:19 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013.01.06. 14:20 21104]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2011.04.12. 15:49 129304]
S1 1653946drv;1653946drv;c:\windows\system32\DRIVERS\1653946drv.sys --> c:\windows\system32\DRIVERS\1653946drv.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\attila\focivb\VCdRom.sys --> c:\attila\focivb\VCdRom.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012.08.13. 2:24 5167736]
S2 gupdate1c9b988b8f0cf10;Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10);c:\program files\Google\Update\GoogleUpdate.exe [2009.04.10. 3:59 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013.01.06. 14:20 682344]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012.12.13. 14:26 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.07.13. 12:28 160944]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012.08.27. 19:38 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 17:01 21248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012.09.05. 16:56 234776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 02:54 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 20:58]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006Core.job
- c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006UA.job
- c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008Core.job
- c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008UA.job
- c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46]
.
2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-13 c:\windows\Tasks\User_Feed_Synchronization-{BFA2D8C0-004E-411F-B5F6-CA001AA56198}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com...rch/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.246.53 213.46.246.54
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab
FF - ProfilePath - c:\documents and settings\ATTILA\Application Data\Mozilla\Firefox\Profiles\0a2atyl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-13 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???Pf??????R?@?????,?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1996915223-2441354797-1584383712-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8B97928-A2ED-B18D-FC74-44A2B5303110}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1844)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-01-13 22:44:55
ComboFix-quarantined-files.txt 2013-01-13 21:44
ComboFix2.txt 2013-01-02 21:47
.
Pre-Run: 7 818 903 552 bytes free
Post-Run: 8 478 703 616 bytes free
.
- - End Of File - - 1CFE6747ADF57EC8C5793EAACB8715D4



#10 nasdaq

Posted 15 January 2013 - 09:23 AM

sometimes the Firefox returns with "...has timed out" even in that case when
the site is available for other browsers (IE, Opera).

On Firefox go to your Tools Menu >  Options > Privacy > Show Cookies.

 

Remove the Cookie associated with the site(s) you have problem with.

 

How is it now?


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 xmas70

Posted 17 January 2013 - 06:04 PM

Hi!


I tested a lot but it is very difficult to say when the problem appears.

Now as I mentioned in my previous post it looks like the following:

In most cases only Firefox abruptly says '..has timed out' for a site, but after that Firefox returns this message for all pages.

I have just tested: after some hours of working normally, Firefox said '..has timed out'.
1. After deleting cookies (restarting firefox) the situation is the same:
'..has timed out' for every site.

2. Simultaneously other browsers were able to reach these sites for some minutes
but when I tested with the site index.hu the IEXplorer said for some minutes
"Oops! Internet Explorer could not connect to index.hu GOOGLE
Try reloading: index.hu"
But at the same time my wife's computer (on the same internet provider, modem and router) reached this site.

3. After some minutes my IE reached index.hu again.
IE reached www.sztaki.hu as well.

Firefox returns for everything like this (I restarted it again):


The connection has timed out
The server at www.sztaki.hu is taking too long to respond.

4. I tried
ipconfig /flushdns
ipconfig /renew
restarted the Firefox

Appeared the message
Script: resource:///components/nsUrlClassifierLib.js:1208


and nothing changed:
The connection has timed out
The server at ... is taking too long to respond.
for every site.

Do you have any idea what to test or what to do?

Thanks in advance!

 

 



#12 nasdaq

Posted 18 January 2013 - 10:42 AM

Appeared the message

Script: resource:///components/nsUrlClassifierLib.js:1208

 
Is the nsUrlClassifierLib.js in a subfolder named .../xulrunner/?
 
.../xulrunner/components/nsUrlClassifierLib.js
 
Check also if you have a Firefox extension named xulrunner
Reference:
 
I would like to know the complete path of the nsUrlClassifierLib.js file if not the same as above.
===
 
Check your Add-ons and Extensions in Firefox. If any of these are found, please remove them.
 
Extension version 1.29
feedly xt 10.2.437
Firebit
JavaString Helper
Mozilla Safe Browsing 2.0.14
Printing Helper 2.5
safe browsing 2.0.14
Translate This!
XUL Cache 1.0
 
If you see any others that you are not aware of then please post the name for my review.

nasdaq


#13 xmas70

Posted 21 January 2013 - 05:55 PM

All the extensions in the firefox are disabled. I did not find the above mentioned .js on my disks.

But I am a bit embarrassed how to describe the situation now.

Sometimes all of my browsers say again for every URL:

'took too long to respond' or '..has timed out'.

Now when I wanted to reply to this post I had this message again

But

ipconfig /flushdns

ipconfig /renew

worked again.

Then usually I have no problem for a while, then again Firefox returns with this '..has timed out'

but usually the other browsers can reach all the sites.

And sometimes in some hours all of them return with this '..has timed out' for all sites.

I really don't know what to do.

Have you got any idea?

Thanks in advance.



#14 nasdaq

Posted 22 January 2013 - 07:49 AM

Let me check further.
 
Please download ComboFix from one of these locations:
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

 

  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.

 

  • Do not install any other programs until this is fixed.

 

  • Double click on ComboFix.exe & follow the prompts.

 

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

 
 
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 


 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
whatnext.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html
 
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 

nasdaq


#15 xmas70

Posted 24 January 2013 - 04:08 PM

Hi!

 

I have run Combofix.

Here is the log.

Thanks.

 

Hi

 

 

ComboFix 13-01-23.01 - ATTILA 013.01.24. 0:31.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1033.18.895.393 [GMT 1:00]
Running from: c:\documents and settings\ATTILA\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security Business Edition 2012 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ATTILA\Local Settings\Application Data\81.tmp
c:\documents and settings\ATTILA\Local Settings\Application Data\82.tmp
c:\documents and settings\ATTILA\Local Settings\Application Data\83.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\50.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\51.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\52.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\7E.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\7F.tmp
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\80.tmp
c:\documents and settings\ATTILA\ntuser.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 00:09 . 2009-03-09 14:27    1846632    ----a-w-    c:\windows\system32\D3DCompiler_41.dll
2013-01-23 00:09 . 2009-03-09 14:27    453456    ----a-w-    c:\windows\system32\d3dx10_41.dll
2013-01-23 00:09 . 2009-03-09 14:27    4178264    ----a-w-    c:\windows\system32\D3DX9_41.dll
2013-01-23 00:07 . 2013-01-23 00:07    --------    d-----w-    c:\windows\Logs
2013-01-22 22:18 . 2013-01-22 23:33    --------    d-----w-    c:\program files\ChessBase11
2013-01-22 22:18 . 2013-01-22 22:18    --------    dc----w-    c:\documents and settings\All Users\Application Data\ChessBase
2013-01-22 21:52 . 2013-01-22 21:52    --------    d-----w-    c:\documents and settings\ATTILA\Local Settings\Application Data\PackageAware
2013-01-21 22:58 . 2013-01-21 23:04    --------    dc----w-    C:\mai_files
2013-01-21 22:37 . 2013-01-21 22:37    --------    d-----w-    c:\documents and settings\ATTILA\Local Settings\Application Data\Conduit
2013-01-16 22:58 . 2013-01-21 06:30    --------    dc----w-    C:\be2
2013-01-16 05:25 . 2013-01-12 02:30    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-01-14 05:24 . 2013-01-14 05:26    --------    d-----w-    c:\program files\totalcmd
2013-01-14 05:22 . 2013-01-14 05:22    5896408    -c--a-w-    C:\tcm801x32_64.exe
2013-01-07 21:37 . 2013-01-07 21:37    --------    dc----w-    C:\toolbarImages
2013-01-06 13:20 . 2012-12-14 15:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-01-06 13:20 . 2013-01-06 13:22    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-01-03 22:38 . 2013-01-23 23:24    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2013-01-02 20:32 . 2013-01-02 20:32    388096    ----a-r-    c:\documents and settings\ATTILA\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-02 20:32 . 2013-01-02 20:32    --------    d-----w-    c:\program files\Trend Micro
2013-01-02 17:55 . 2013-01-20 08:43    --------    dc----w-    C:\UZES
2013-01-01 01:33 . 2013-01-01 01:33    --------    d-----w-    c:\documents and settings\ATTILA\Local Settings\Application Data\CRE
2012-12-31 23:59 . 2013-01-01 00:06    --------    d-----w-    c:\documents and settings\ATTILA\Local Settings\Application Data\Torch
2012-12-31 23:47 . 2012-12-31 23:47    --------    dc----w-    c:\documents and settings\All Users\Application Data\WoW Worldwide Software LTD
2012-12-31 23:47 . 2013-01-01 09:58    --------    d-----w-    c:\program files\Optimizer Pro
2012-12-31 17:33 . 2012-12-31 18:00    --------    dc----w-    C:\DUPLUM_TOROLNI
2012-12-27 13:26 . 2012-06-03 08:45    5504    ----a-w-    c:\windows\system32\drivers\StarOpen.sys
2012-12-27 13:26 . 2012-12-27 13:26    --------    d-----w-    c:\program files\CDBurnerXP
2012-12-27 10:41 . 2012-12-27 12:51    --------    d-----w-    c:\documents and settings\ATTILA\Application Data\DeepBurner
2012-12-27 10:40 . 2012-12-28 10:07    --------    d-----w-    c:\program files\Astonsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-21 06:31 . 2013-01-21 06:30    6016969    -c--a-w-    C:\be2.zip
2013-01-19 20:16 . 2013-01-19 20:15    5997786    -c--a-w-    C:\cumul.zip
2013-01-16 23:38 . 2013-01-16 23:38    5804635    -c--a-w-    C:\be.zip
2013-01-09 20:57 . 2012-05-13 08:41    697864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:57 . 2011-05-25 06:25    74248    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-04 06:39 . 2013-01-04 06:37    46678599    -c--a-w-    C:\kviz.zip
2012-12-16 12:23 . 2004-08-04 08:00    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-11-28 09:35 . 2012-06-21 15:31    859072    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-11-28 09:35 . 2010-06-14 02:33    779704    ----a-w-    c:\windows\system32\deployJava1.dll
2012-11-13 01:25 . 2004-08-04 08:00    1866368    ----a-w-    c:\windows\system32\win32k.sys
2012-11-09 05:46 . 2012-11-09 05:46    60496    ----a-w-    c:\windows\system32\drivers\Teefer.sys.rmv
2012-11-09 05:46 . 2012-11-09 05:46    21075    ----a-w-    c:\windows\system32\drivers\wpsdrvnt.sys.rmv
2012-11-08 16:33 . 2012-08-30 18:27    26984    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2012-11-08 10:29 . 2012-11-08 10:29    1402312    ----a-w-    c:\windows\system32\msxml4.dll
2012-11-06 02:01 . 2008-10-11 12:33    1371648    ------w-    c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 08:00    375296    ----a-w-    c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 08:00    916992    ----a-w-    c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 08:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 08:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 08:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-01-19 08:30 . 2013-01-19 08:27    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-20 12:22    257024    ----a-w-    c:\program files\WinMount\WinMTExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-01 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-21 295072]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-10-17 3364264]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ     autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 18:12    90112    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44    196608    ----a-w-    c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-10 00:38    806912    ----a-w-    c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-02-15 15:43    892928    ----a-w-    c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\ATTILA\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"=
"c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012.04.19. 3:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011.09.13. 5:30 31952]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013.01.03. 23:38 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013.01.03. 23:38 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2013.01.03. 23:38 11776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011.10.07. 5:23 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011.07.11. 0:14 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012.08.30. 19:27 26984]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009.08.29. 21:44 27704]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012.06.14. 21:29 32768]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011.01.09. 20:56 65856]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013.01.03. 23:38 3084688]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012.02.14. 3:53 193288]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2011.10.18. 17:24 355496]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012.03.23. 13:25 87040]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012.11.29. 20:31 38608]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2012.06.14. 21:28 587472]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2013.01.03. 23:38 54072]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011.12.23. 12:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011.12.23. 12:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011.12.23. 12:32 17232]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005.10.21. 12:19 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013.01.06. 14:20 21104]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2011.04.12. 15:49 129304]
S1 1653946drv;1653946drv;c:\windows\system32\DRIVERS\1653946drv.sys --> c:\windows\system32\DRIVERS\1653946drv.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\attila\focivb\VCdRom.sys --> c:\attila\focivb\VCdRom.sys [?]
S2 avgfws;AVG tűzfal;c:\program files\AVG\AVG2012\avgfws.exe [2012.06.13. 2:48 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012.08.13. 2:24 5167736]
S2 gupdate1c9b988b8f0cf10;Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10);c:\program files\Google\Update\GoogleUpdate.exe [2009.04.10. 3:59 133104]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013.01.06. 14:20 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013.01.06. 14:20 682344]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012.12.13. 14:26 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.07.13. 12:28 160944]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012.08.27. 19:38 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 17:01 21248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012.09.05. 16:56 234776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 02:54    1606760    ----a-w-    c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 20:58]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006Core.job
- c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006UA.job
- c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008Core.job
- c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008UA.job
- c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46]
.
2013-01-23 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-23 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-23 c:\windows\Tasks\User_Feed_Synchronization-{BFA2D8C0-004E-411F-B5F6-CA001AA56198}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com...rch/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.246.53 213.46.246.54
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab
FF - ProfilePath - c:\documents and settings\ATTILA\Application Data\Mozilla\Firefox\Profiles\0a2atyl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 00:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???Pf??????R?@?????,?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1996915223-2441354797-1584383712-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8B97928-A2ED-B18D-FC74-44A2B5303110}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1844)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-01-24 00:50:24
ComboFix-quarantined-files.txt 2013-01-23 23:50
ComboFix2.txt 2013-01-13 21:44
ComboFix3.txt 2013-01-02 21:47
.
Pre-Run: 2 237 415 424 bytes free
Post-Run: 2 347 081 728 bytes free
.
- - End Of File - - 4EDBE5E1476B8FC78352AC2B5575907B



#16 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 48,358 posts

Posted 25 January 2013 - 08:38 AM

 
This Firefox proxy setting may not be required. 
FF - prefs.js: network.proxy.type - 4
 
 
If you use Firefox, in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings, select the Auto-detect proxy settings for this network option, or No proxy if you do not need it.
 
This may have been set by the malware. If you do not need it execute the fix above.
===
 
Under normal operation you should have these 2 Google service update entries.
 
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
 
You have an extra one listed in bold.
 
O23 - Service: Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10) (gupdate1c9b988b8f0cf10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 
Let's just disable that service for now.
 
Please run Notepad and copy the following text into a new file:
 

sc config gupdate1c9b988b8f0cf10 start= disabled
sc stop gupdate1c9b988b8f0cf10

 

 
 
Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal. 
If any errors are encountered please post.
When done you can delete the remove.bat file.
 
Please let me know if the problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
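
The two checks from post #16 (which proxy mode Firefox's prefs.js selects, and which services run GoogleUpdate.exe beyond the two expected names), as an added Python example that is not part of the original thread. The prefs.js text is constructed, the O23 lines are the ones quoted in the post, and the function names are hypothetical.

```python
import ntpath
import re

# Meaning of the values Firefox stores in network.proxy.type.
PROXY_TYPES = {
    0: "no proxy (direct connection)",
    1: "manual proxy configuration",
    2: "automatic proxy configuration URL (PAC)",
    4: "auto-detect proxy settings for this network (WPAD)",
    5: "use system proxy settings",
}

# The two service names post #16 lists as normal.
EXPECTED_GOOGLE_UPDATE = {"gupdate", "gupdatem"}

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')
# HijackThis line: O23 - Service: <display name> (<service name>) - <company> - <path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<company>.+?) - (?P<path>.+)$"
)


def proxy_settings(prefs_text):
    """Return every network.proxy.* preference found in prefs.js text."""
    return {k: v for k, v in PREF_RE.findall(prefs_text)
            if k.startswith("network.proxy.")}


def proxy_mode(prefs_text):
    """Return (value, meaning) for network.proxy.type, or None if unset."""
    raw = proxy_settings(prefs_text).get("network.proxy.type")
    if raw is None:
        return None
    value = int(raw)
    return value, PROXY_TYPES.get(value, "unknown value")


def extra_google_update_services(o23_lines):
    """Names of services that run GoogleUpdate.exe but are not expected."""
    extras = []
    for line in o23_lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue
        image = ntpath.basename(m.group("path")).lower()
        if image == "googleupdate.exe" and m.group("name") not in EXPECTED_GOOGLE_UPDATE:
            extras.append(m.group("name"))
    return extras


# Constructed prefs.js fragment matching the two values the ComboFix log reports.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.type", 4);
'''

# The three O23 lines quoted in post #16.
O23_LINES = [
    r"O23 - Service: Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10) (gupdate1c9b988b8f0cf10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
]

if __name__ == "__main__":
    print("Firefox proxy mode:", proxy_mode(SAMPLE_PREFS))
    print("Unexpected GoogleUpdate.exe services:",
          extra_google_update_services(O23_LINES))
```
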

#17 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 48,358 posts

Posted 03 February 2013 - 09:13 AM

Are you still with me?


nasdaq


#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 48,358 posts

Posted 07 February 2013 - 08:57 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq




