Tik172 New Member Date Joined Nov 2009 Total Posts : 5 Posted 11-3-2009 10:17 (GMT +1)
Ok, recently I have been having internet trouble. I thought not much of it until I noticed that something was disabling me from downloading anti-virus / spyware software. After following advice on a separate thread, I managed to download and run Combofix. Combofix seemed to run successfully and deleted two files. Did it delete the virus? Here's the log
What should/do I do now?
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 16319 Posted 11-4-2009 5:29 (GMT +1)
Hello Tik172 and welcome to BG
Please follow this guide:
Follow the instructions and copy the logs here, in this Topic.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
Tik172 New Member Date Joined Nov 2009 Total Posts : 5 Posted 11-4-2009 7:47 (GMT +1)
Looked at the log. Installed the programs, scanned and nothing is coming up. Internet is still messed up and I cannot download/install many types of anti-virus software. Attempted to download avast! and getting the same error, followed by this setup log:
04.11.2009 18:10:17 general: Started: 04.11.2009, 18:10:17
04.11.2009 18:10:17 system: Operating system: Windows Vista ver 6.0, build 6001, sp 1.0 [Service Pack 1]
04.11.2009 18:10:17 system: Memory: 43% load. Phys:1932832/2097151K free, Page:4194303/4194303K free, Virt:2039152/2097024K free
04.11.2009 18:10:17 system: Computer WinName: Frank-PC
04.11.2009 18:10:17 system: Windows Net User: Frank-PC\Frank
04.11.2009 18:10:17 general: Old version: ffffffff (-1)
04.11.2009 18:10:17 system: Using temp: C:\Users\Frank\AppData\Local\Temp\_av_inet.tm~a04024 (268167M free)
04.11.2009 18:10:17 internet: SYNCER: Type: use IE settings
04.11.2009 18:10:17 internet: SYNCER: Auth: another authentication, use WinInet
04.11.2009 18:10:17 general: Install check: Program folder does NOT exist in registry
04.11.2009 18:10:17 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
04.11.2009 18:10:21 general: progress thread start
04.11.2009 18:10:21 general: Destination: C:\Users\Frank\AppData\Local\Temp\_av_inet.tm~a04024
04.11.2009 18:10:21 general: Starting download: http://www.avast.com/go.php?verb=get-avast-home&type=cnet&langid=eng
04.11.2009 18:28:10 internet: ERROR:HttpGetWininet, catch returned 0x00002EE2
04.11.2009 18:39:06 internet: ERROR:HttpGetWininet, catch returned 0x00002EE2
04.11.2009 18:42:27 general: Download finished from server download805.avast.com, result: 0x000004C7, server response: 200
04.11.2009 18:42:27 general: Stats download805.avast.com, server response: 1223
04.11.2009 18:42:28 general: POST result: 0x00000000, server response: 204
I've reset my computer to factory settings but the problems persist.
I'm sure I have a virus.
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 16319 Posted 11-5-2009 6:42 (GMT +1)
Ok, I still suggest ->
Please follow this guide:
Follow the instructions and copy the logs here, in this Topic.
Do NOT post your problem in someone else's thread.
Tik172 New Member Date Joined Nov 2009 Total Posts : 5 Posted 11-5-2009 8:14 (GMT +1)
DDS log
c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-01-09 14:41:57 8192 --sha-w- c:\windows\users\default\NTUSER.DAT ============= FINISH: 7:01:38.61 =============== Back to Top
Tik172 New Member Date Joined Nov 2009 Total Posts : 5 Posted 11-5-2009 8:14 (GMT +1)

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:02:18, on 05/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Users\Frank\Documents\Downloads\avast_home_setup.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2010\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

-- End of file - 5718 bytes
Tik172 New Member Date Joined Nov 2009 Total Posts : 5 Posted 11-5-2009 8:16 (GMT +1)
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 16319 Posted 11-5-2009 2:23 (GMT +1)
Ok
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
Tik172 New Member Date Joined Nov 2009 Total Posts : 5 Posted 11-5-2009 6:42 (GMT +1)

Malwarebytes' Anti-Malware 1.41
Database version: 3103
Windows 6.0.6001 Service Pack 1
05/11/2009 17:41:50
mbam-log-2009-11-05 (17-41-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 217171
Time elapsed: 55 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

found nothing.... :S