"YOUR SYSTEM IS INFECTED" desktop+popup virus

Printable View

Show 40 post(s) from this thread on one page

January 17th, 2010, 02:11 PM
franktothemax

"YOUR SYSTEM IS INFECTED" desktop+popup virus

I noticed that there was another thread on this website and someone was having the exact same problems as myself.. EXACT same. I tried to post on that thread, and it wouldn't allow me to. This is what happened:

I thought I was downloading the correct webcam drivers/software for my HP laptop, but I was sadly mistaken. My desktop is now green with the warning "YOUR SYSTEM IS INFECTED"..so on and so forth. I tried to do system restore and it tells me "application cannot be executed. the file is infected. please activate your antivirus software."

every once in awhile I get a popup that says "Attention! system detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software. Click OK to download official intrusion detection system (IDS software)"

from what i've tried, it seems like i'm helpless and I don't know what to do. I would really appreciate any kind of help whatsoever. please, anybody help me with this.. This is my moms laptop and I feel bad that this had to happen to her, simply because I was trying to download a driver for the webcam that was simply bogus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:21 PM, on 1/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\frank\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1262481124046
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I hope I did this right, any feedback would be greatly appreciated.
January 17th, 2010, 02:53 PM
Broni
Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4.
Post fresh HijackThis log.
NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
January 17th, 2010, 07:37 PM
franktothemax

so check this out. I downloaded the SUPERAntiSpyware and followed all of the instructions. it took roughly 2 hours. When it asked to reboot, I did. and when I tried to log back on to my Username at the XP login screen it said "connecting" and then it would instantly sign me off. wouldn't even see my desktop. It wouldn't allow me to login on any names, not even the guest.

so I restarted and booted windows in safemode with networking. I opened up SUPERAntiSpyware and tried to open the log. when I try to open the log, it opens for a second, and then I get a message that says Application cannot be executed. the file is infected. please activate your antivirus software.

I don't know what to do now, but in the time being I will follow the last two steps in the instructions that you gave me.

please, any help would be great. there is alot of stuff on her computer that I would hate to have to format. thank you.
January 17th, 2010, 07:43 PM
franktothemax

SUPERAntiVirusSpy log

disregard that last post. when the error message came up, I just moved it to the side and opened the log again and it worked.

Application Version : 4.33.1000

Core Rules Database Version : 4487
Trace Rules Database Version: 2303

Scan type : Complete Scan
Total Scan Time : 02:14:04

Memory items scanned : 234
Memory threats detected : 1
Registry items scanned : 4475
Registry threats detected : 2
File items scanned : 75679
File threats detected : 7

Trojan.Agent/Gen-FA[SMSS32]
C:\WINDOWS\SYSTEM32\SMSS32.EXE
C:\WINDOWS\SYSTEM32\SMSS32.EXE
[smss32.exe] C:\WINDOWS\SYSTEM32\SMSS32.EXE
C:\WINDOWS\Prefetch\SMSS32.EXE-1EEDAC52.pf

Rogue.Agent/Gen
[Wallpaper] C:\WINDOWS\SYSTEM32\WARNING.HTML
C:\WINDOWS\SYSTEM32\WARNING.HTML

Trojan.Agent/Gen-HackPatch
C:\DOCUMENTS AND SETTINGS\FRANK\MY

DOCUMENTS\DOWNLOADS\DVD.NEXT.COPY.ULTIMATE.V3.0.5.3(TREES)\PATCH\DVD.NEXT.COPY.ULTIMATE.3.0.

5.3-PATCH.EXE

Adware.MyWebSearch
C:\OWNER\DOCUMENTS\DOWNLOADS\CURSORMANIASETUP2.3.50.26.ZCMAN000.EXE
C:\OWNER\DOCUMENTS\DOWNLOADS\WEBFETTISETUP2.3.50.26.ZKMAN000 (1).EXE
C:\OWNER\DOCUMENTS\DOWNLOADS\WEBFETTISETUP2.3.50.26.ZKMAN000.EXE
January 17th, 2010, 08:03 PM
Broni

OK :)
January 17th, 2010, 08:53 PM
franktothemax

so broni, I kinda learned from my last action. Y'know how I told you I moved the error message to the side and tried to open the log again and it worked? well when I tried to do the system restore the same message popped up. so, I went back to the system restore, the message came up. I moved it to the side and TADA! it went back two weeks. the desktop and everything is back to normal somewhat, but I know the virus is still on here and it's only a matter of time before it starts to screw everything up again. if I run hijack this and post the log on here will you be able to tell me if there is still something screwed up?
January 17th, 2010, 09:04 PM
Broni

That wasn't a good idea, because by using system restore, you reinfect the system.
In your particular case, it's not tragic, because you ran just one scan, but don't do this in the future (as clearly stated in big red letters in my post #2).

Please, re-run all scans from that post.

With today's malwares, HJT log is not enough to make sure, your computer is clean.
January 19th, 2010, 03:59 PM
franktothemax

logs

alright broni, everything went smooth except for the gmer scan. it appears that everytime I start the scan, after about 10 minutes my computer just turns itself off. this has happened everytime i've tried to run the scan. however i've scanned everything else and I have the log, so check it out:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2010 at 01:51 PM

Application Version : 4.33.1000

Core Rules Database Version : 4487
Trace Rules Database Version: 2303

Scan type : Complete Scan
Total Scan Time : 01:12:02

Memory items scanned : 224
Memory threats detected : 0
Registry items scanned : 4412
Registry threats detected : 0
File items scanned : 51286
File threats detected : 121

Adware.Tracking Cookie
C:\Documents and Settings\frank\Cookies\frank@realmedia[2].txt
C:\Documents and Settings\frank\Cookies\[email protected][2].txt
C:\Documents and Settings\frank\Cookies\frank@fastclick[1].txt
C:\Documents and Settings\frank\Cookies\[email protected][2].txt
C:\Documents and Settings\frank\Cookies\frank@invitemedia[2].txt
C:\Documents and Settings\frank\Cookies\frank@advertising[1].txt
C:\Documents and Settings\frank\Cookies\frank@questionmarket[2].txt
C:\Documents and Settings\frank\Cookies\[email protected][1].txt
C:\Documents and Settings\frank\Cookies\frank@atdmt[3].txt
C:\Documents and Settings\frank\Cookies\frank@atdmt[1].txt
C:\Documents and Settings\frank\Cookies\frank@serving-sys[2].txt
C:\Documents and Settings\frank\Cookies\[email protected][2].txt
C:\Documents and Settings\frank\Cookies\frank@247realmedia[1].txt
C:\Documents and Settings\frank\Cookies\frank@doubleclick[1].txt
C:\Documents and Settings\frank\Cookies\frank@doubleclick[2].txt
C:\Documents and Settings\frank\Cookies\[email protected][1].txt
C:\Documents and Settings\frank\Cookies\frank@insightexpressai[2].txt
C:\Documents and Settings\frank\Cookies\frank@interclick[2].txt
C:\Documents and Settings\frank\Cookies\[email protected][1].txt
C:\Documents and Settings\frank\Cookies\[email protected][2].txt
C:\Documents and Settings\frank\Cookies\frank@revsci[1].txt
C:\Documents and Settings\frank\Cookies\frank@zedo[1].txt
C:\Documents and Settings\frank\Cookies\frank@zedo[2].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Marcy\Cookies\marcy@atdmt[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@casalemedia[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@questionmarket[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@tribalfusion[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@mediaonenetwork[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@serving-sys[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@fastclick[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@realmedia[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@media6degrees[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@pornotube[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@kontera[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@mediaplex[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@hitbox[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@insightexpressai[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@onrampadvertising[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@doubleclick[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@socialmedia[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@bluestreak[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@interclick[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@lakecountyil[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@adlegend[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@atdmt[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@imrworldwide[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@collective-media[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@azjmp[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@adbureau[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@statcounter[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@specificclick[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@revsci[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@mywebsearch[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@tacoda[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@adbrite[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@specificmedia[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@invitemedia[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@websponsors[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@burstnet[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@zedo[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@advertising[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@****overmyex[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@accessclarkcounty[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@traveladvertising[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@burstbeacon[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@trafficmp[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@apmebf[1].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@atwola[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@247realmedia[2].txt
C:\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@2o7[1].txt

Adware.MyWebSearch
C:\OWNER\DOCUMENTS\DOWNLOADS\CURSORMANIASETUP2.3.50.26.ZCMAN000.EXE
C:\OWNER\DOCUMENTS\DOWNLOADS\WEBFETTISETUP2.3.50.26.ZKMAN000 (1).EXE
C:\OWNER\DOCUMENTS\DOWNLOADS\WEBFETTISETUP2.3.50.26.ZKMAN000.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{53501775-68B5-4C10-A0B1-0B85C4654B7A}\RP137\A0022288.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{53501775-68B5-4C10-A0B1-0B85C4654B7A}\RP137\A0022289.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{53501775-68B5-4C10-A0B1-0B85C4654B7A}\RP137\A0022290.EXE

Trojan.Agent/Gen-FA[SMSS32]
C:\WINDOWS\SYSTEM32\SMSS32.EXE

Rogue.Agent/Gen
C:\WINDOWS\SYSTEM32\WARNING.HTML

Trojan.Agent/Gen-FA[WL32]
C:\WINDOWS\SYSTEM32\WINLOGON32.EXE
January 19th, 2010, 04:00 PM
franktothemax

malware log

Malwarebytes' Anti-Malware 1.44
Database version: 3586
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/18/2010 4:14:18 PM
mbam-log-2010-01-18 (16-14-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 239763
Time elapsed: 1 hour(s), 31 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\webcam2\FLV Direct Player.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{53501775-68B5-4C10-A0B1-0B85C4654B7A}\RP143\A0026070.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{53501775-68B5-4C10-A0B1-0B85C4654B7A}\RP143\A0026071.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{53501775-68B5-4C10-A0B1-0B85C4654B7A}\RP143\A0026072.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
January 19th, 2010, 04:02 PM
franktothemax

HJT log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:01:23 PM, on 1/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1262481124046
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6956 bytes
January 19th, 2010, 04:04 PM
Broni

...and GMER....
January 19th, 2010, 04:06 PM
franktothemax

when I run GMER it turns my computer off and I do not get a log or anything..
January 19th, 2010, 04:07 PM
Broni
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE. If Combofix asks you to install Recovery Console, please allow it.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
January 19th, 2010, 06:30 PM
franktothemax

combofix LOG (part 1) too big for one msg

ComboFix 10-01-19.02 - frank 01/19/2010 16:17:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1454 [GMT -6:00]
Running from: c:\documents and settings\frank\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\frank\Application Data\inst.exe
c:\program files\Common
c:\program files\Common\VsoVprev.ax
C:\s
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 20:00 . 2010-01-19 20:00 388096 ----a-r- c:\documents and settings\frank\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-19 20:00 . 2010-01-19 20:00 -------- d-----w- c:\program files\TrendMicro
2010-01-18 15:14 . 2010-01-18 15:14 52224 ----a-w- c:\documents and settings\frank\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-18 15:14 . 2010-01-18 15:17 117760 ----a-w- c:\documents and settings\frank\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-18 15:14 . 2010-01-18 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-18 03:28 . 2010-01-18 03:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-18 03:28 . 2010-01-18 03:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-18 03:28 . 2010-01-18 03:28 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-18 03:28 . 2010-01-19 14:15 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-18 03:28 . 2010-01-18 03:28 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-18 03:28 . 2010-01-18 03:28 -------- d-----w- c:\program files\AVG
2010-01-18 01:11 . 2010-01-18 01:11 -------- d-----w- c:\documents and settings\frank\Application Data\Malwarebytes
2010-01-18 01:11 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-18 01:11 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-18 01:11 . 2010-01-18 01:11 -------- d-----w- c:\program files\Malwarebytes
2010-01-18 00:27 . 2010-01-18 00:27 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-17 02:42 . 2010-01-18 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-16 09:31 . 2010-01-16 09:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 15:43 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 08:57 . 2010-01-06 08:57 -------- d-----w- c:\program files\AC3Filter
2010-01-05 20:27 . 2010-01-05 20:27 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2010-01-05 20:25 . 2010-01-05 20:25 -------- d-sh--w- c:\documents and settings\Marcy\IETldCache
2010-01-04 18:50 . 2010-01-04 18:50 -------- d-----w- c:\documents and settings\frank\Local Settings\Application Data\PCHealth
2010-01-04 09:10 . 2010-01-04 09:11 -------- d-----w- C:\b15ed8c1a1319963d88c
2010-01-04 08:29 . 2010-01-04 08:29 -------- d-sh--w- c:\documents and settings\frank\PrivacIE
2010-01-04 03:25 . 2010-01-04 03:25 -------- d-sh--w- c:\documents and settings\frank\IETldCache
2010-01-03 23:03 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-03 23:03 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-03 23:03 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-03 23:03 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-03 23:03 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-03 23:03 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-03 23:03 . 2010-01-05 09:01 -------- d-----w- c:\windows\ie8updates
2010-01-03 23:03 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-03 23:01 . 2010-01-03 23:03 -------- dc-h--w- c:\windows\ie8
2010-01-03 22:19 . 2010-01-03 22:19 -------- d-----w- c:\program files\MSXML 6.0
2010-01-03 20:08 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-01-03 20:08 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2010-01-03 20:08 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll
2010-01-03 20:08 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\rwnh.dll
2010-01-03 20:08 . 2008-04-14 12:00 81920 ------w- c:\windows\system32\ieencode.dll
2010-01-03 20:08 . 2008-04-14 00:11 498742 -c----w- c:\windows\system32\dllcache\dxmasf.dll
2010-01-03 20:08 . 2008-04-14 12:00 87040 -c----w- c:\windows\system32\dllcache\drmstor.dll
2010-01-03 20:08 . 2008-04-14 12:00 695808 -c----w- c:\windows\system32\dllcache\drmv2clt.dll
2010-01-03 20:08 . 2008-04-14 12:00 299520 -c----w- c:\windows\system32\dllcache\drmclien.dll
2010-01-03 20:08 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-01-03 20:08 . 2008-04-14 12:00 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-01-03 20:08 . 2008-04-14 12:00 286720 -c----w- c:\windows\system32\dllcache\blackbox.dll
2010-01-03 20:08 . 2008-04-13 17:23 8192 -c----w- c:\windows\system32\dllcache\asferror.dll
2010-01-03 19:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-03 19:49 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-03 19:49 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-03 19:49 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-03 19:49 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-03 19:49 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-01-03 19:48 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-03 19:48 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-01-03 19:48 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-03 19:48 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-03 19:48 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-03 13:31 . 2010-01-03 13:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2010-01-03 13:31 . 2010-01-03 13:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
2010-01-03 05:39 . 2010-01-04 06:31 -------- d-----w- c:\documents and settings\frank\Application Data\HpUpdate
2010-01-03 05:39 . 2010-01-03 05:39 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-03 05:24 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-03 03:48 . 2010-01-03 05:21 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-01-03 03:46 . 2010-01-03 22:14 -------- d-----w- c:\windows\ServicePackFiles
2010-01-03 02:56 . 2010-01-03 02:56 10134 ----a-r- c:\documents and settings\frank\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-01-03 02:56 . 2010-01-03 05:39 -------- d-----w- c:\program files\HP
2010-01-03 02:56 . 2010-01-03 02:56 -------- d-----w- c:\windows\Downloaded Installations
2010-01-03 01:56 . 2002-08-29 09:40 20480 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-01-03 01:42 . 2004-08-02 20:20 4569 ------w- c:\windows\system32\secupd.dat
2010-01-03 01:22 . 2008-04-14 00:11 1082368 ----a-w- c:\windows\system32\esent.dll
2010-01-03 01:15 . 2010-01-16 09:35 -------- d-----w- c:\windows\system32\bits
2010-01-03 01:14 . 2010-01-17 09:02 -------- d--h--w- c:\windows\$hf_mig$
2010-01-03 01:13 . 2009-08-25 09:17 354816 ----a-w- c:\windows\system32\winhttp.dll
2010-01-03 01:13 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-01-03 01:12 . 2009-08-07 01:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-03 00:57 . 2010-01-03 00:57 -------- d-----w- C:\WUTemp
2010-01-03 00:55 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\tsbyuv.dll
2010-01-03 00:54 . 2008-04-14 00:11 191488 ----a-w- c:\windows\system32\iuengine.dll
2010-01-02 22:16 . 2002-08-29 12:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdfa.dll
2010-01-02 22:15 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-01-02 22:15 . 2002-08-29 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-01-02 22:15 . 2002-08-29 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-01-02 22:15 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-01-02 22:15 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-01-02 22:15 . 2010-01-02 22:15 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2010-01-02 22:12 . 2008-04-14 00:12 131584 ----a-w- c:\windows\system32\sndrec32.exe
2010-01-02 22:03 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-01-02 22:01 . 2002-08-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-02 22:01 . 2002-08-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-02 22:01 . 2002-08-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-02 22:01 . 2002-08-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-02 21:40 . 2008-04-14 00:13 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-01-02 21:40 . 2008-04-13 18:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-01-02 21:39 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-01-02 21:39 . 2008-04-14 00:12 146432 ----a-w- c:\windows\system\winspool.drv
2010-01-02 21:39 . 2008-04-14 00:12 74752 ----a-w- c:\windows\system32\storprop.dll
2009-12-31 20:57 . 2009-12-31 20:57 286720 ------w- c:\windows\Setup1.exe
2009-12-31 20:57 . 2009-12-31 20:57 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 20:47 . 2010-01-18 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-31 20:47 . 2009-12-31 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-31 20:47 . 2009-12-31 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-31 20:44 . 2009-12-31 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PY_Software
2009-12-31 20:29 . 2009-12-31 21:09 -------- d-----w- c:\program files\webcam2
2009-12-31 20:17 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-31 20:17 . 2008-04-14 00:11 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-12-31 20:17 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-31 20:17 . 2009-12-31 20:17 -------- d-----w- c:\documents and settings\frank\Application Data\ManyCam
2009-12-31 20:08 . 2009-12-31 21:09 -------- d-----w- c:\program files\webcam
2009-12-31 20:02 . 2009-12-31 20:03 -------- d-----w- c:\documents and settings\frank\.yawcam
2009-12-31 20:01 . 2009-12-31 21:00 -------- d-----w- c:\program files\Yawcam
2009-12-31 01:34 . 2009-12-31 01:34 -------- d-----w- c:\program files\NOS
January 19th, 2010, 06:30 PM
franktothemax

combofix LOG (part 2)

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 22:21 . 2007-01-04 19:13 -------- d-----w- c:\documents and settings\frank\Application Data\uTorrent
2010-01-19 22:00 . 2010-01-19 22:00 -------- d-----w- c:\program files\Avira
2010-01-19 22:00 . 2010-01-19 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-18 15:14 . 2010-01-17 20:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-18 02:59 . 2007-01-03 05:28 -------- d-----w- c:\program files\COMODO
2010-01-18 01:14 . 2009-09-30 22:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 00:11 . 2010-01-17 02:42 -------- d-----w- c:\program files\AVG(2)
2010-01-18 00:11 . 2010-01-17 06:42 -------- d-----w- c:\program files\RegCleaner
2010-01-18 00:10 . 2010-01-17 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 23:49 . 2010-01-17 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-17 20:35 . 2010-01-17 20:35 -------- d-----w- c:\documents and settings\frank\Application Data\SUPERAntiSpyware.com
2010-01-17 02:43 . 2010-01-17 02:43 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
2010-01-12 22:49 . 2009-09-21 03:51 -------- d-----w- c:\program files\World of Warcraft
2010-01-08 10:57 . 2007-01-07 22:17 -------- d-----w- c:\documents and settings\frank\Application Data\Vso
2010-01-08 05:51 . 2007-01-04 10:05 14364 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-05 06:08 . 2007-01-03 04:29 14088 ----a-w- c:\documents and settings\frank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 00:02 . 2009-09-29 00:22 -------- d-----w- c:\program files\DivX
2010-01-05 00:01 . 2009-09-29 00:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-04 09:08 . 2010-01-04 09:08 -------- d-----w- c:\program files\MSBuild
2010-01-04 09:08 . 2010-01-04 09:08 -------- d-----w- c:\program files\Reference Assemblies
2010-01-04 08:50 . 2007-01-03 04:43 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-03 03:51 . 2007-01-03 04:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-03 02:04 . 2007-01-03 04:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 01:56 . 2010-01-03 01:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-01-02 22:15 . 2010-01-02 22:15 2678 ----a-w- c:\windows\java\Packages\Data\SR97RBPN.DAT
2010-01-02 22:15 . 2010-01-02 22:15 558142 ----a-w- c:\windows\java\Packages\KTZRXVXJ.ZIP
2010-01-02 22:15 . 2010-01-02 22:15 2678 ----a-w- c:\windows\java\Packages\Data\O8A0OOEX.DAT
2010-01-02 22:15 . 2010-01-02 22:15 155995 ----a-w- c:\windows\java\Packages\DZ9ZZL3P.ZIP
2010-01-02 22:15 . 2010-01-02 22:15 2678 ----a-w- c:\windows\java\Packages\Data\Q25B9RXV.DAT
2010-01-02 22:15 . 2010-01-02 22:15 2678 ----a-w- c:\windows\java\Packages\Data\M4OZN7JF.DAT
2010-01-02 22:15 . 2010-01-02 22:15 2678 ----a-w- c:\windows\java\Packages\Data\F1ZJJNVF.DAT
2010-01-02 22:12 . 2007-01-03 04:21 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 23:37 . 2007-01-02 22:02 90112 ----a-w- c:\windows\DUMP59b8.tmp
2009-12-31 01:35 . 2009-09-29 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-19 01:09 . 2009-12-19 01:09 -------- d-----w- c:\documents and settings\Marcy\Application Data\Ventrilo
2009-12-13 07:05 . 2009-09-30 23:00 -------- d-----w- c:\documents and settings\frank\Application Data\Ventrilo
2009-12-10 17:19 . 2007-01-03 05:58 -------- d-----w- c:\program files\Digsby
2009-12-05 09:11 . 2009-12-05 09:11 -------- d-----w- c:\documents and settings\frank\Application Data\Acoustica
2009-12-05 09:11 . 2009-12-05 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-29 07:45 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 23:09 . 2009-10-27 23:09 12728 ----a-w- c:\documents and settings\Marcy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-04 289584]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2007-01-04 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-18 2033432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\frank\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-18 03:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2007-05-03 23:42 376921 ----a-w- c:\program files\Atheros\ACU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 01:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ACS"=2 (0x2)
"nTuneService"=2 (0x2)
"hpqwmiex"=3 (0x3)
"Com4QLBEx"=3 (0x3)
"StyleXPService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/17/2010 9:28 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/17/2010 9:28 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/19/2010 4:00 PM 108289]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/17/2010 9:28 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/17/2010 9:28 PM 285392]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [1/2/2007 10:43 PM 193840]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\frank\Application Data\Mozilla\Firefox\Profiles\kybn2o2b.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-High Definition Audio Property Page Shortcut - CHDAudPropShortcut.exe
AddRemove-Microsoft .NET Framework 2.0 - c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-19 16:23:43
ComboFix-quarantined-files.txt 2010-01-19 22:23

Pre-Run: 11,465,859,072 bytes free
Post-Run: 12,264,628,224 bytes free

- - End Of File - - EA915B8C5EA581FC48452BE6E73AECD2

Show 40 post(s) from this thread on one page