HiJack log help

Question

David Rogers 0 Newbie Poster

15 Years Ago

I am getting a redirect virus. Its a go.google/go.yahoo type that activates when I try and click on a link for a websearch. It wont let me into Hijack This forums but it let me through here from its redirect search engine. I ran Avira in safe mode and deleted the quarentine and scanned completely but its not picking it up. Its not being picked up with virus scans. Tried Adaware, AVG, Nod32 and its eluding them.
Avira caught the virus as did AVG. The virus was quarentined and deleted in safe mode but it persists.

Its also not letting me download Malwarebytes' Anti-Malware from http://www.besttechie.net/tools/mbam-setup.exe although I did dl it from Cnet and it will not install in normal or safe mode.

Heres the log.

Scan saved at 1:15:10 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v11.www.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:20069
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.11\RivaTuner.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11847 bytes

windows-virus

4 Contributors
17 Replies
354 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by crunchie

All 17 Replies

crunchie 990 Most Valuable Poster

15 Years Ago

Hi and welcome to the Daniweb forums :).

==========

Please download ComboFix by sUBs from HERE or HERE

You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

cohen 17 Practically a Posting Shark

15 Years Ago

OK,

Can you pls follow the ATF cleaner instructions in this thread.

once you have done that, see if you can download and run MBA-M

and then post a fresh hijackthis log.

Thanks,

Cohen

cohen 17 Practically a Posting Shark

15 Years Ago

OK, can you pls post the MBA-M log, and also trying running it in normal mode.....

if you can get it to run in normal mode, post that log along with a fresh hijackthis log.

Thankyou,

Cohen

crunchie 990 Most Valuable Poster

15 Years Ago

1. Please open Notepad Click Start , then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::

File::
c:\windows\system32\TDSSmtve.dat
Folder::c:\program files\TrymediaNote: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter youre-enable all the programs that were disabled during the running of ComboFix:Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

====

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :Restart your computer
After hearing your computer beep once during startup, but before the
Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract
All,
Open the extracted folder and double click RunThis.bat to
start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the
registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool
will be running and removing files.
When the desktop loads the Fixtool will complete the removal and
display Finished, then press any key to end the script and load
your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the
contents of the results file Report.txt back onto the forum with
a new HijackThis log.

Please post the SDFix log within CODE Tags.

crunchie 990 Most Valuable Poster

15 Years Ago

And the rest of my instructions??

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

David Rogers 0 Newbie Poster · Answer 1 · 2008-11-23T06:38:15+00:00

ComboFix 08-11-22.02 - Owner 2008-11-22 17:11:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1436 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-22 14:13 . 2008-11-22 14:13 <DIR> d-------- c:\documents and settings\Owner\DoctorWeb
2008-11-22 13:39 . 2008-11-22 13:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 13:39 . 2008-11-22 13:39 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-22 13:39 . 2008-11-22 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 13:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 13:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-22 10:29 . 1998-06-24 13:00 244,024 --a------ c:\windows\system32\MSFLXGRD.OCX
2008-11-22 10:12 . 2008-11-22 10:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\RegFixPro
2008-11-22 10:03 . 2008-11-22 10:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-22 07:26 . 2008-11-22 07:36 527 --a------ c:\windows\system32\TDSSmtve.dat
2008-11-19 15:01 . 2008-11-19 15:01 <DIR> d-------- C:\cabs
2008-11-19 10:14 . 2008-11-19 10:14 <DIR> d-------- c:\program files\RivaTuner v2.11
2008-11-19 07:09 . 2008-11-21 10:15 <DIR> d-------- c:\program files\World of Warcraft
2008-11-12 11:18 . 2008-09-04 10:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:17 . 2008-10-24 04:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:03 . 2008-11-11 19:03 <DIR> d-------- C:\CFLog
2008-11-11 18:27 . 2008-11-11 18:27 <DIR> d-------- c:\program files\G4box
2008-11-10 12:50 . 2008-11-10 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-08 17:40 . 2008-11-22 10:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-08 17:30 . 2008-11-22 14:30 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-08 17:30 . 2008-11-08 17:30 <DIR> d-------- c:\program files\AVG
2008-11-08 17:30 . 2008-11-08 17:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2008-11-08 17:30 . 2008-11-22 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-08 17:30 . 2008-11-08 17:30 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-08 17:30 . 2008-11-08 17:30 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-08 17:30 . 2008-11-08 17:30 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-03 17:08 . 2008-11-03 17:08 <DIR> d-------- C:\AeriaGames
2008-11-01 14:33 . 2008-11-01 14:33 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-10-29 04:31 . 2008-10-29 04:31 <DIR> d-------- C:\CrashRpt
2008-10-29 04:31 . 2008-10-29 04:31 <DIR> d-------- C:\CrashReport
2008-10-27 11:02 . 2008-10-27 11:02 <DIR> d-------- c:\program files\steam
2008-10-26 16:53 . 2008-10-26 16:50 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-10-26 16:50 . 2008-10-26 16:53 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2008-10-26 16:42 . 2008-10-26 16:42 <DIR> d-------- c:\program files\Trend Micro
2008-10-25 08:48 . 2008-10-25 08:48 <DIR> d-------- c:\program files\Valve
2008-10-25 08:19 . 2008-10-25 08:22 <DIR> d-------- c:\program files\Trymedia
2008-10-25 08:16 . 2008-10-26 13:58 <DIR> d-------- c:\program files\Atari-Infogrames
2008-10-24 06:02 . 2008-10-15 09:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 17:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-22 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 18:15 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-19 13:05 --------- d-----w c:\program files\RivaTuner v2.09
2008-11-18 14:20 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-18 14:19 202,648 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-11 19:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 19:54 --------- d-----w c:\program files\Activision
2008-11-01 21:33 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-01 21:33 22,328 ----a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2008-10-25 19:43 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 20:33 --------- d-----w c:\program files\Opera
2008-10-14 20:53 --------- d-----w c:\program files\Windows Defender
2008-10-14 16:35 --------- d-----w c:\program files\Avira
2008-10-14 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-10 22:30 --------- d-----w c:\program files\Triggersoft
2008-10-10 18:03 --------- d-----w c:\program files\Aeria Games
2008-10-10 00:41 --------- d-----w c:\program files\Lizard Interactive Co
2008-10-09 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-09 14:48 --------- d-----w c:\program files\Lavasoft
2008-10-09 14:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-08 14:31 --------- d-----w c:\documents and settings\Owner\Application Data\IGN_DLM
2008-10-07 22:59 354,560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-10-07 22:59 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-07 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-07 22:45 --------- d-----w c:\documents and settings\Owner\Application Data\TuneUp Software
2008-10-07 19:33 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-10-02 16:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-10-02 00:35 --------- d-----w c:\program files\Outspark
2008-10-01 23:40 --------- d-----r c:\program files\Support.com
2008-10-01 23:37 --------- d-----w c:\program files\SupportSoft
2008-10-01 23:37 --------- d-----w c:\documents and settings\All Users\Application Data\Support.com
2008-09-30 23:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-20 02:52 703,257 ----a-w c:\windows\unins000.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-08 18:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-23 21:02 0 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
2008-01-29 20:51 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 68856]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-06 133104]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-25 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2005-11-18 1851392]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-08 1234712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"CHotkey"="zHotkey.exe" [2004-05-17 c:\windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
RivaTuner.lnk - c:\program files\RivaTuner v2.11\RivaTuner.exe [2008-09-16 2715648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2007-11-08 1742384]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-12 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Atari-Infogrames\\Dead Man's Hand\\System\\DMH.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sekjen\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Atari-Infogrames\\Dead Man's Hand\\System\\Udebugger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sekjen\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sekjen\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"22114:TCP"= 22114:TCP:BitCometLite 22114 TCP
"22114:UDP"= 22114:UDP:BitCometLite 22114 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 78416]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-08 97928]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2008-08-20 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-08 76040]
R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-07-24 4448]
R2 npkcmsvc;npkcmsvc;c:\nexon\Mabinogi\npkcmsvc.exe [2008-02-02 80528]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2005-04-13 14336]
R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-07-24 3328]
R3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys [2007-12-02 227200]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2008-08-20 8832]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\Drivers\RIOXDRV.sys [2008-08-01 18304]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-07 354560]
S3 XDva008;XDva008; []
S3 XDva019;XDva019; []
S3 XDva037;XDva037; []
S3 XDva076;XDva076; []
S3 XDva132;XDva132; []
S3 XDva164;XDva164; []
S3 XDva201;XDva201; []
S3 XDva207;XDva207; []
S3 XDva208;XDva208; []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Installer.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]

2008-11-22 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-06 08:40]

2008-11-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-11-22 c:\windows\Tasks\RegFixPro Scheduled Scan.job
- c:\program files\RegFixPro\RegFixPro.exe []

2008-11-22 c:\windows\Tasks\RegFixPro Scheduled Scan.job
- c:\program files\RegFixPro []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BHR - c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pxj2uio9.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 17:17:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP0000002FDB35F7E23DF9DB1D

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\ehmsas.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-11-22 17:24:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-23 00:24:07

Pre-Run: 68,658,716,672 bytes free
Post-Run: 73,322,717,184 bytes free

282 --- E O F --- 2008-11-21 12:23:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:05 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v11.www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:20069
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.11\RivaTuner.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11500 bytes

David Rogers 0 Newbie Poster · Answer 2 · 2008-11-23T07:01:16+00:00

I did get MBA intstalled and ran it in safe mode. It picked up 12 virus files. Its not redirecting or crawling anymore. Here is the fresh log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:57 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v11.www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:20069
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.11\RivaTuner.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11415 bytes

Thank you so much.

David Rogers 0 Newbie Poster · Answer 3 · 2008-11-23T08:03:50+00:00

ComboFix 08-11-22.02 - Owner 2008-11-22 18:40:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1364 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\TDSSmtve.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSmtve.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-22 14:13 . 2008-11-22 14:13 <DIR> d-------- c:\documents and settings\Owner\DoctorWeb
2008-11-22 13:39 . 2008-11-22 13:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 13:39 . 2008-11-22 13:39 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-22 13:39 . 2008-11-22 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 13:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 13:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-22 10:29 . 1998-06-24 13:00 244,024 --a------ c:\windows\system32\MSFLXGRD.OCX
2008-11-22 10:12 . 2008-11-22 10:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\RegFixPro
2008-11-22 10:03 . 2008-11-22 10:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-19 15:01 . 2008-11-19 15:01 <DIR> d-------- C:\cabs
2008-11-19 10:14 . 2008-11-19 10:14 <DIR> d-------- c:\program files\RivaTuner v2.11
2008-11-19 07:09 . 2008-11-21 10:15 <DIR> d-------- c:\program files\World of Warcraft
2008-11-12 11:18 . 2008-09-04 10:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:17 . 2008-10-24 04:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:03 . 2008-11-11 19:03 <DIR> d-------- C:\CFLog
2008-11-11 18:27 . 2008-11-11 18:27 <DIR> d-------- c:\program files\G4box
2008-11-10 12:50 . 2008-11-10 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-08 17:40 . 2008-11-22 10:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-08 17:30 . 2008-11-22 14:30 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-08 17:30 . 2008-11-08 17:30 <DIR> d-------- c:\program files\AVG
2008-11-08 17:30 . 2008-11-08 17:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2008-11-08 17:30 . 2008-11-22 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-08 17:30 . 2008-11-08 17:30 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-08 17:30 . 2008-11-08 17:30 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-08 17:30 . 2008-11-08 17:30 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-03 17:08 . 2008-11-03 17:08 <DIR> d-------- C:\AeriaGames
2008-11-01 14:33 . 2008-11-01 14:33 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-10-29 04:31 . 2008-10-29 04:31 <DIR> d-------- C:\CrashRpt
2008-10-29 04:31 . 2008-10-29 04:31 <DIR> d-------- C:\CrashReport
2008-10-27 11:02 . 2008-10-27 11:02 <DIR> d-------- c:\program files\steam
2008-10-26 16:53 . 2008-10-26 16:50 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-10-26 16:50 . 2008-10-26 16:53 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2008-10-26 16:42 . 2008-10-26 16:42 <DIR> d-------- c:\program files\Trend Micro
2008-10-25 08:48 . 2008-10-25 08:48 <DIR> d-------- c:\program files\Valve
2008-10-25 08:19 . 2008-10-25 08:22 <DIR> d-------- c:\program files\Trymedia
2008-10-25 08:16 . 2008-10-26 13:58 <DIR> d-------- c:\program files\Atari-Infogrames
2008-10-24 06:02 . 2008-10-15 09:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 17:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-22 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 18:15 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-19 13:05 --------- d-----w c:\program files\RivaTuner v2.09
2008-11-18 14:20 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-11 19:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 19:54 --------- d-----w c:\program files\Activision
2008-11-01 21:33 22,328 ----a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2008-10-25 19:43 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 20:33 --------- d-----w c:\program files\Opera
2008-10-14 20:53 --------- d-----w c:\program files\Windows Defender
2008-10-14 16:35 --------- d-----w c:\program files\Avira
2008-10-14 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-10 22:30 --------- d-----w c:\program files\Triggersoft
2008-10-10 18:03 --------- d-----w c:\program files\Aeria Games
2008-10-10 00:41 --------- d-----w c:\program files\Lizard Interactive Co
2008-10-09 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-09 14:48 --------- d-----w c:\program files\Lavasoft
2008-10-09 14:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-08 14:31 --------- d-----w c:\documents and settings\Owner\Application Data\IGN_DLM
2008-10-07 22:59 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-07 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-07 22:45 --------- d-----w c:\documents and settings\Owner\Application Data\TuneUp Software
2008-10-07 20:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-02 00:35 --------- d-----w c:\program files\Outspark
2008-10-01 23:40 --------- d-----r c:\program files\Support.com
2008-10-01 23:37 --------- d-----w c:\program files\SupportSoft
2008-10-01 23:37 --------- d-----w c:\documents and settings\All Users\Application Data\Support.com
2008-09-20 02:52 703,257 ----a-w c:\windows\unins000.exe
2008-07-23 21:02 0 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
2008-01-29 20:51 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-22_17.23.40.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-23 01:46:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_118.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4