HijackThis Log Check
Posted 1/5/2009 10:24 PM
New Member
Group: Forum Members
Last Login: 10/2/2005 2:10 PM
Posts: 18, Visits: 5
I did a scan with all except Spybot S&D. During a scan with Malwarebytes I was on YouTube and AVG went off.

Here's a screencap of what it found:

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:08 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 8164 bytes

Posted 1/6/2009 1:42 AM


Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,427, Visits: 54,734
Welcome

Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop


Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall



Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

*Note*
Combofix is an extremely powerful tool and should only be used with the help of a malware removal expert, and was intended by its creator sUBs to be used like this.
If the program is used incorrectly by a novice it could render their pc inoperable/unusable.

Also post a new Hijackthis log please.

_______________________________________________________________

ASAP & UNITE member since 2006

Use OpenDNS
Posted 1/6/2009 1:42 PM
New Member
Group: Forum Members
Last Login: 10/2/2005 2:10 PM
Posts: 18, Visits: 5
ComboFix log:

ComboFix 09-01-05.05 - HP_Administrator 2009-01-06 7:45:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.587 [GMT -10:00]
Running from: c:\documents and settings\HP_Administrator\desktop\combofix.exe
Command switches used :: /killall
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-04 22:12 . 2009-01-04 22:15 d-------- c:\program files\Spybot - Search & Destroy
2009-01-02 16:23 . 2009-01-05 15:58 237,568 --a------ c:\windows\system32\rmc_rtspdl.dll
2009-01-02 16:23 . 2009-01-05 15:58 156,672 --a------ c:\windows\system32\rmc_fixasf.exe
2009-01-02 16:22 . 2009-01-02 16:22 d-------- c:\windows\Replay Media Catcher
2009-01-02 16:22 . 2009-01-05 15:58 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL
2009-01-02 16:19 . 2009-01-05 16:04 d-------- c:\program files\Replay Media Catcher
2009-01-01 20:55 . 2009-01-01 20:55 d-------- c:\program files\eRightSoft
2009-01-01 20:55 . 2006-09-12 00:46 227,328 -r-hs---- c:\windows\system32\ac3DX.ax
2009-01-01 20:55 . 2008-03-16 02:30 216,064 -r-hs---- c:\windows\system32bDX.dll
2009-01-01 20:55 . 2006-03-10 10:48 169,472 -r-hs---- c:\windows\system32\MatroskaDX.ax
2009-01-01 20:55 . 2006-05-02 23:06 163,328 -r-hs---- c:\windows\system32\flvDX.dll
2009-01-01 20:55 . 2005-11-25 09:46 161,792 -r-hs---- c:\windows\system32\RealMediaDX.ax
2009-01-01 20:55 . 2006-01-12 12:23 123,904 -r-hs---- c:\windows\system32\AVCDX.ax
2009-01-01 20:55 . 2003-11-20 12:00 54,784 -r-hs---- c:\windows\system32\RLAPEDec.ax
2009-01-01 20:55 . 2004-04-26 12:00 37,888 -r-hs---- c:\windows\system32\RLMPCDec.ax
2009-01-01 20:55 . 2007-02-21 00:47 31,232 -r-hs---- c:\windows\system32\msfDX.dll
2008-12-29 09:37 . 2008-12-29 09:37 d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-29 09:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 09:36 . 2009-01-05 08:09 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 09:36 . 2008-12-29 09:36 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 09:36 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 18:02 . 2008-12-21 15:19 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-28 15:40 . 2008-12-28 15:40 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 10:53 . 2009-01-05 17:15 d--h----- C:\$AVG8.VAULT$
2008-12-25 10:23 . 2009-01-05 14:19 d-------- c:\windows\system32\drivers\Avg
2008-12-25 10:23 . 2008-12-25 10:23 d-------- c:\program files\AVG
2008-12-25 10:23 . 2008-12-25 10:23 d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-25 10:23 . 2008-12-25 21:58 d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-25 10:23 . 2008-12-25 10:23 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-25 10:23 . 2008-12-25 10:23 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-25 10:23 . 2008-12-25 10:23 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-23 12:50 . 2009-01-05 09:10 d-------- c:\program files\FriendBlasterPro
2008-12-23 09:11 . 2008-12-23 09:11 d-------- c:\windows\system32\CallBurner
2008-12-23 09:11 . 2008-12-23 09:11 d-------- c:\program files\CallBurner
2008-12-23 09:10 . 2008-12-23 09:10 114,688 --a------ c:\windows\eWebControl.dll
2008-12-23 09:10 . 2008-12-23 09:10 81,920 --a------ c:\windows\eSellerateControl350.dll
2008-12-22 14:31 . 2008-12-22 14:31 d-------- c:\documents and settings\HP_Administrator\Application Data\LEAPS
2008-12-21 18:10 . 2009-01-01 19:50 d-------- c:\documents and settings\HP_Administrator\Application Data\skypePM
2008-12-21 18:10 . 2008-12-21 18:10 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-21 18:05 . 2009-01-01 23:45 d-------- c:\documents and settings\HP_Administrator\Application Data\Skype
2008-12-21 18:04 . 2008-12-21 18:04 d-------- c:\program files\Skype
2008-12-21 18:04 . 2008-12-21 18:04 d-------- c:\program files\Common Files\Skype
2008-12-21 18:04 . 2008-12-21 18:04 d-------- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 17:41 --------- d-----w c:\program files\PeerGuardian2
2009-01-06 05:49 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\VideoReDoPlus
2009-01-06 05:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 23:17 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-05 23:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 22:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 22:33 --------- d-----w c:\program files\CyberLink
2009-01-05 08:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-02 07:18 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Audacity
2009-01-01 04:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\VideoReDo-TVSuite
2008-12-29 19:01 --------- d-----w c:\program files\Common Files\Real
2008-12-29 01:40 --------- d-----w c:\program files\Java
2008-12-16 07:24 --------- d-----w c:\program files\SlySoft
2008-12-13 04:37 --------- d-----w c:\program files\DVDFab 5
2008-12-13 04:37 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Vso
2008-12-07 00:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Pegasys Inc
2008-12-04 22:24 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\vlc
2008-12-01 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-01 19:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\CyberLink
2008-11-28 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft
2008-11-26 03:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-23 20:41 --------- d-----w c:\program files\Macromedia
2008-11-23 20:41 --------- d-----w c:\program files\Common Files\Macromedia
2008-11-08 08:41 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss
2008-06-18 05:23 47,360 -c--a-w c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2007-04-25 06:52 81,920 ----a-w c:\documents and settings\HP_Administrator\Application Data\ezpinst.exe
2006-02-05 22:08 0 -c--a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2005-12-01 19:10 22 -csha-w c:\windows\SMINST\HPCD.sys
2005-07-14 22:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-27 01:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 08:37 45,568 --sha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2004-01-25 10:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32bDX.dll
2005-02-28 23:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 10:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-09 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-25 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-03 390432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogonotify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.dvsd"= pdvcodec.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk
backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
backup=c:\windows\pss\AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 02:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2003-07-25 11:15 536576 c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-13 07:49 133104 c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 14:52 50736 c:\program files\Common Files\AOL\1132791284\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 13:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2005-05-10 07:50 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 11:33 99480 c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-22 11:05 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2006-12-05 20:49 114688 c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-25 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-25 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 76040]
S0 gubvxg;gubvxg;c:\windows\system32\drivers\dssg.sys --> c:\windows\system32\drivers\dssg.sys [?]
S4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-09-14 23856]

--- Other Services/Drivers In Memory ---

*Deregistered* - pgfilter
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786552296-4031416920-3389770110-1008.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 07:49]

2009-01-06 c:\windows\Tasks\jvzlqali.job
- c:\windows\system32\rundll32.exe [2004-08-09 19:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AppCallBurner - (no file)
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SpyCatcher Reminder - c:\program files\SpyCatcher\SpyCatcher.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://dslstart.verizon.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4z1wonqz.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 07:57:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3786552296-4031416920-3389770110-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-3786552296-4031416920-3389770110-1008\Software\Zepter Software\RegLib*NULL*660e4663\AnyDVD/1]
"1"=dword:44dbfee3
"2"=dword:44dbfee3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*NULL*Version]

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*NULL*Version]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\arservice.exe
c:\program files\Memeo\AutoBackup\MemeoService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehmsas.exe
c:\hp\KBD\kbd.exe
c:\windows\system\hpsysdrv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-06 8:01:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 18:01:11
ComboFix2.txt 2007-12-03 22:38:00

Pre-Run: 56,064,045,056 bytes free
Post-Run: 55,958,347,776 bytes free

318--- E O F ---2008-12-19 09:27:43




HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04, on 2009-01-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 7873 bytes
Posted 1/6/2009 3:04 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,427, Visits: 54,734
Copy and paste ALL the following text in the code box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

KILLALL::

File::
c:\windows\Tasks\jvzlqali.job

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.



This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


Run 'ESET Online Scanner' using Internet Explorer:
http://www.eset.com/onlinescan/
Place a check in the box 'YES, I accept the Terms of Use' after reading.
Then click 'Start'.
Allow the ActiveX control to install.
Then click 'Start' in the 'ESET Online Scanner' window.
Place a check in the box 'Remove found threats'.
Leave the box 'Scan unwanted applications' blank.
Then press 'Scan'.
The scan will take up some time so please be patient.
Once the scan has finished, post the entire contents of the logfile:
C:\Program Files\EsetOnlineScanner\log.txt

Also post a new HijackThis log.


_______________________________________________________________

ASAP & UNITE member since 2006

Use OpenDNS
Posted 1/6/2009 5:37 PM
New Member


Group: Forum Members
Last Login: 10/2/2005 2:10 PM
Posts: 18, Visits: 5
Combofix:

ComboFix 09-01-05.05 - HP_Administrator 2009-01-06 11:26:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.394 [GMT -10:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\Tasks\jvzlqali.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\jvzlqali.job

.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-04 22:12 . 2009-01-04 22:15  d--------  c:\program files\Spybot - Search & Destroy
2009-01-02 16:23 . 2009-01-05 15:58  237,568  --a------  c:\windows\system32\rmc_rtspdl.dll
2009-01-02 16:23 . 2009-01-05 15:58  156,672  --a------  c:\windows\system32\rmc_fixasf.exe
2009-01-02 16:22 . 2009-01-02 16:22  d--------  c:\windows\Replay Media Catcher
2009-01-02 16:22 . 2009-01-05 15:58  323,584  --a------  c:\windows\system32\AUDIOGENIE2.DLL
2009-01-02 16:19 . 2009-01-05 16:04  d--------  c:\program files\Replay Media Catcher
2009-01-01 20:55 . 2009-01-01 20:55  d--------  c:\program files\eRightSoft
2009-01-01 20:55 . 2006-09-12 00:46  227,328  -r-hs----  c:\windows\system32\ac3DX.ax
2009-01-01 20:55 . 2008-03-16 02:30  216,064  -r-hs----  c:\windows\system32\nbDX.dll
2009-01-01 20:55 . 2006-03-10 10:48  169,472  -r-hs----  c:\windows\system32\MatroskaDX.ax
2009-01-01 20:55 . 2006-05-02 23:06  163,328  -r-hs----  c:\windows\system32\flvDX.dll
2009-01-01 20:55 . 2005-11-25 09:46  161,792  -r-hs----  c:\windows\system32\RealMediaDX.ax
2009-01-01 20:55 . 2006-01-12 12:23  123,904  -r-hs----  c:\windows\system32\AVCDX.ax
2009-01-01 20:55 . 2003-11-20 12:00  54,784  -r-hs----  c:\windows\system32\RLAPEDec.ax
2009-01-01 20:55 . 2004-04-26 12:00  37,888  -r-hs----  c:\windows\system32\RLMPCDec.ax
2009-01-01 20:55 . 2007-02-21 00:47  31,232  -r-hs----  c:\windows\system32\msfDX.dll
2008-12-29 09:37 . 2008-12-29 09:37  d--------  c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-29 09:37 . 2009-01-04 18:38  15,504  --a------  c:\windows\system32\drivers\mbam.sys
2008-12-29 09:36 . 2009-01-05 08:09  d--------  c:\program files\Malwarebytes' Anti-Malware
2008-12-29 09:36 . 2008-12-29 09:36  d--------  c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 09:36 . 2009-01-04 18:38  38,496  --a------  c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 18:02 . 2008-12-21 15:19  102,664  --a------  c:\windows\system32\drivers\tmcomm.sys
2008-12-28 15:40 . 2008-12-28 15:40  410,984  --a------  c:\windows\system32\deploytk.dll
2008-12-26 10:53 . 2009-01-05 17:15  d--h-----  C:\$AVG8.VAULT$
2008-12-25 10:23 . 2009-01-06 10:22  d--------  c:\windows\system32\drivers\Avg
2008-12-25 10:23 . 2008-12-25 10:23  d--------  c:\program files\AVG
2008-12-25 10:23 . 2008-12-25 10:23  d--------  c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-25 10:23 . 2008-12-25 21:58  d--------  c:\documents and settings\All Users\Application Data\avg8
2008-12-25 10:23 . 2008-12-25 10:23  97,928  --a------  c:\windows\system32\drivers\avgldx86.sys
2008-12-25 10:23 . 2008-12-25 10:23  76,040  --a------  c:\windows\system32\drivers\avgtdix.sys
2008-12-25 10:23 . 2008-12-25 10:23  10,520  --a------  c:\windows\system32\avgrsstx.dll
2008-12-23 12:50 . 2009-01-05 09:10  d--------  c:\program files\FriendBlasterPro
2008-12-23 09:11 . 2008-12-23 09:11  d--------  c:\windows\system32\CallBurner
2008-12-23 09:11 . 2008-12-23 09:11  d--------  c:\program files\CallBurner
2008-12-23 09:10 . 2008-12-23 09:10  114,688  --a------  c:\windows\eWebControl.dll
2008-12-23 09:10 . 2008-12-23 09:10  81,920  --a------  c:\windows\eSellerateControl350.dll
2008-12-22 14:31 . 2008-12-22 14:31  d--------  c:\documents and settings\HP_Administrator\Application Data\LEAPS
2008-12-21 18:10 . 2009-01-01 19:50  d--------  c:\documents and settings\HP_Administrator\Application Data\skypePM
2008-12-21 18:10 . 2008-12-21 18:10  56  --ah-----  c:\windows\system32\ezsidmv.dat
2008-12-21 18:05 . 2009-01-01 23:45  d--------  c:\documents and settings\HP_Administrator\Application Data\Skype
2008-12-21 18:04 . 2008-12-21 18:04  d--------  c:\program files\Skype
2008-12-21 18:04 . 2008-12-21 18:04  d--------  c:\program files\Common Files\Skype
2008-12-21 18:04 . 2008-12-21 18:04  d--------  c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 17:41  ---------  d-----w  c:\program files\PeerGuardian2
2009-01-06 05:49  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\VideoReDoPlus
2009-01-06 05:44  ---------  d---a-w  c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 23:17  ---------  d-----w  c:\program files\SUPERAntiSpyware
2009-01-05 23:17  ---------  d-----w  c:\program files\Common Files\Wise Installation Wizard
2009-01-05 22:33  ---------  d--h--w  c:\program files\InstallShield Installation Information
2009-01-05 22:33  ---------  d-----w  c:\program files\CyberLink
2009-01-05 08:15  ---------  d-----w  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 22:30  ---------  d-----w  c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-02 07:18  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\Audacity
2009-01-01 04:00  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\VideoReDo-TVSuite
2008-12-29 19:01  ---------  d-----w  c:\program files\Common Files\Real
2008-12-29 01:40  ---------  d-----w  c:\program files\Java
2008-12-16 07:24  ---------  d-----w  c:\program files\SlySoft
2008-12-13 04:37  ---------  d-----w  c:\program files\DVDFab 5
2008-12-13 04:37  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\Vso
2008-12-07 00:58  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\Pegasys Inc
2008-12-04 22:24  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\vlc
2008-12-01 19:58  ---------  d-----w  c:\documents and settings\All Users\Application Data\CyberLink
2008-12-01 19:57  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\CyberLink
2008-11-28 19:03  ---------  d-----w  c:\documents and settings\All Users\Application Data\SlySoft
2008-11-26 03:51  ---------  d-----w  c:\documents and settings\All Users\Application Data\AOL
2008-11-23 20:41  ---------  d-----w  c:\program files\Macromedia
2008-11-23 20:41  ---------  d-----w  c:\program files\Common Files\Macromedia
2008-11-08 08:41  ---------  d-----w  c:\documents and settings\HP_Administrator\Application Data\dvdcss
2008-06-18 05:23  47,360  -c--a-w  c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2007-04-25 06:52  81,920  ----a-w  c:\documents and settings\HP_Administrator\Application Data\ezpinst.exe
2006-02-05 22:08  0  -c--a-w  c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2005-12-01 19:10  22  -csha-w  c:\windows\SMINST\HPCD.sys
2005-07-14 22:31  27,648  --sha-r  c:\windows\system32\AVSredirect.dll
2005-06-27 01:32  616,448  -csha-r  c:\windows\system32\cygwin1.dll
2005-06-22 08:37  45,568  --sha-r  c:\windows\system32\cygz.dll
2006-05-03 09:06  163,328  --sh--r  c:\windows\system32\flvDX.dll
2004-01-25 10:00  70,656  --sha-r  c:\windows\system32\i420vfw.dll
2007-02-21 10:47  31,232  --sh--r  c:\windows\system32\msfDX.dll
2008-03-16 12:30  216,064  --sh--r  c:\windows\system32\nbDX.dll
2005-02-28 23:16  240,128  --sha-r  c:\windows\system32\x.264.exe
2004-01-25 10:00  70,656  --sha-r  c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-06_ 7.59.56.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-06 21:34:28  16,384  ----atw  c:\windows\temp\Perflib_Perfdata_1c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-09 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-25 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-03 390432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogonotify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.dvsd"= pdvcodec.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0SsiEfr.e\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnk  Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnk  Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk  Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk
backup=c:\windows\pss\SpyCatcher Protector.lnk  Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnk  Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
backup=c:\windows\pss\AutoBackup Launcher.lnk  Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnk  Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 02:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2003-07-25 11:15 536576 c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-13 07:49 133104 c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 14:52 50736 c:\program files\Common Files\AOL\1132791284\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 13:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2005-05-10 07:50 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 11:33 99480 c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-22 11:05 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2006-12-05 20:49 114688 c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-25 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-25 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 76040]
S0 gubvxg;gubvxg;c:\windows\system32\drivers\dssg.sys --> c:\windows\system32\drivers\dssg.sys [?]
S4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-09-14 23856]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786552296-4031416920-3389770110-1008.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 07:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dslstart.verizon.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4z1wonqz.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 11:36:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3786552296-4031416920-3389770110-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-3786552296-4031416920-3389770110-1008\Software\Zepter Software\RegLib*NULL*660e4663\AnyDVD/1]
"1"=dword:44dbfee3
"2"=dword:44dbfee3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*NULL*Version]

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*NULL*Version]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\Memeo\AutoBackup\MemeoService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\hp\KBD\kbd.exe
c:\windows\system\hpsysdrv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-06 11:41:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 21:41:23
ComboFix2.txt 2009-01-06 18:01:18
ComboFix3.txt 2007-12-03 22:38:00

Pre-Run: 55,645,343,744 bytes free
Post-Run: 55,626,530,816 bytes free

313--- E O F ---2008-12-19 09:27:43



ESET Online Scanner

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3744 (20090106)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=732bccb292dc5d4cab6820bc54156aff
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2009-01-06 11:17:01
# local_time=2009-01-06 01:17:01 (-1000, Hawaiian Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=483992
# found=0
# scan_time=5073


Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34, on 2009-01-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 8251 bytes





  Post #247209
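As an added example (not part of the original thread, and not a HijackThis or Trend Micro tool), the following Python script parses the entry format of the HijackThis log posted above and flags the three things a log reviewer looks at first: components registered but marked `(no file)`, services with no identified vendor, and autostarts launched from a user profile directory. The flag names and heuristics are the example's own; a flag means "review this entry", not "this is malware" (the Google Update entry it flags, for instance, is a legitimate program that simply lives in a user-writable path).

```python
import re

# Constructed sample: six entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
""".strip()

# Every HijackThis entry starts with a section code (R0-R3, O1-O24, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# O4 body: registry hive, value name in square brackets, then the command line.
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)")
# Windows XP per-user profile root; anything autostarting from here is user-writable.
USER_PROFILE_RE = re.compile(r"\\Documents and Settings\\[^\\]+\\", re.IGNORECASE)

def parse_entry(line):
    """Split one HijackThis line into section code and ' - '-separated fields; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("body").split(" - ")]
    return {"code": m.group("code"), "fields": fields, "raw": line.strip()}

def review(entry):
    """Return the review flags for one entry; a flag means 'look at this', not 'malware'."""
    flags = []
    last = entry["fields"][-1]  # the file path (or '(no file)') is always the last field
    if "(no file)" in last:
        flags.append("orphaned entry: registered component has no file on disk")
    if entry["code"] == "O23" and "Unknown owner" in entry["fields"]:
        flags.append("service with no identified vendor")
    if entry["code"] == "O4":
        m = RUN_RE.search(last)
        if m and USER_PROFILE_RE.search(m.group("cmd")):
            flags.append("autostart launched from a user profile directory")
    return flags

def triage(log_text):
    """Map each flagged entry (its raw line) to its flags; entries without flags are omitted."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    flagged = ((e["raw"], review(e)) for e in entries)
    return {raw: flags for raw, flags in flagged if flags}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```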
 
Posted 1/6/2009 5:42 PM


Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,427, Visits: 54,734
Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK [see image below].
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore.



Your log is clean, how's your PC running now please?



_______________________________________________________________



ASAP & UNITE member since 2006



Use OpenDNS
  Post #247210
 
Posted 1/7/2009 11:22 AM
New Member

Group: Forum Members
Last Login: 10/2/2005 2:10 PM
Posts: 18, Visits: 5
I think my PC is running better now. Thanks Richie.
  Post #247232
 
Posted 1/7/2009 11:36 AM


Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,427, Visits: 54,734
You have MS Windows XP Service Pack 2/3 installed so I'm presuming you're using the Windows Firewall.
You may be behind a hardware firewall (Router/NAT), but it wouldn't hurt to install a third party software firewall to enhance protection.
A word of warning regarding the Windows Firewall in Service Pack 2/3: by default it only filters INCOMING traffic.
That means if malware happens to compromise your PC, it will be able to SEND OUT your credit card data, and any other personal information.
I suggest you install a more robust third party firewall from below that filters both INCOMING and OUTGOING traffic.

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/
PC Tools Firewall Plus:
http://www.pctools.com/mirror/fwinstall.exe
Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/
Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

You should take the time to read the following:
Understanding and Using Firewalls:
http://www.bleepingcomputer.com/tutorials/tutorial60.html


You should now take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

How did I get infected?, With steps so it does not happen again!
Simple and easy ways to keep your computer safe and secure on the Internet.
Best Practices - Internet Safety for 2008.
Your Guide To Staying Safe Online.
Securing Your Web Browser.
Hardening Windows Security - Part 1 & 2.

  Post #247234
 