xcyper33

  1. Yeah you're right. Though I usually just check the torrent comments 1st and see if the torrent comes with any infestations.
  2. Everything is running damn fine, thanks for the help. Is there ANYthing I can do to prevent further attacks from Security Tools just in case it happens again??
  3. ComboFix 09-10-11.03 - Past 10/12/2009 8:50.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -4:00] Running from: c:\documents and settings\Past\Desktop\ALL FOLDERS\Virus control files\ComboFix.exe Command switches used :: c:\documents and settings\Past\Desktop\ALL FOLDERS\Virus control files\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\AskPBar c:\program files\AskPBar\bar\Cache\00230341 c:\program files\AskPBar\bar\Cache\0023041C c:\program files\AskPBar\bar\Cache\002304A9.bin c:\program files\AskPBar\bar\Cache\00230506.bin c:\program files\AskPBar\bar\Cache\00230583.bin c:\program files\AskPBar\bar\Cache\00230610.bin c:\program files\AskPBar\bar\Cache\002306EB.bin c:\program files\AskPBar\bar\Cache\files.ini c:\program files\AskPBar\bar\History\search2 c:\program files\AskPBar\bar\Settings\prevcfg2.htm c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL c:\windows\system32\vozepuyo.dll . ((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 ))))))))))))))))))))))))))))))) . 2009-10-12 04:40 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-12 04:40 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-12 04:09 . 2009-10-12 04:09 -------- d-----w- c:\program files\Trend Micro 2009-10-12 03:32 . 2009-10-12 03:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-12 03:32 . 2009-10-12 03:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2009-10-11 05:17 . 2009-10-11 05:18 -------- d-----w- c:\program files\CCleaner 2009-10-11 05:10 . 
2009-10-11 05:10 -------- d-----w- c:\documents and settings\Past\Application Data\Malwarebytes 2009-10-11 02:50 . 2009-10-11 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-11 02:34 . 2009-10-11 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-11 02:34 . 2009-10-12 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-08 15:26 . 2009-10-08 15:27 -------- d-----w- c:\documents and settings\Past\Local Settings\Application Data\Risen 2009-10-08 15:25 . 2009-10-08 15:25 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP 2009-10-08 15:15 . 2009-10-08 15:15 -------- d-----w- c:\program files\Deep Silver 2009-10-08 14:45 . 2009-10-08 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-10-08 14:27 . 2009-10-08 14:50 -------- d-----w- c:\documents and settings\Past\Application Data\DAEMON Tools Pro 2009-10-04 00:12 . 2009-10-04 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Martau 2009-10-04 00:11 . 2009-10-04 00:12 -------- d-----w- c:\program files\Total Uninstall 5 2009-10-01 06:30 . 2009-10-07 23:55 -------- d-----w- c:\documents and settings\Past\Application Data\U3 2009-09-30 06:48 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-09-25 04:07 . 1998-10-29 19:45 306688 ----a-w- c:\windows\IsUninst.exe 2009-09-20 02:30 . 2009-09-20 02:30 -------- d-----w- c:\documents and settings\Past\Application Data\Turbine 2009-09-20 02:30 . 2009-09-20 02:30 -------- d-----w- c:\documents and settings\Past\Local Settings\Application Data\Turbine 2009-09-19 23:55 . 2009-09-19 23:55 -------- d-----w- c:\program files\Turbine 2009-09-19 09:17 . 2009-09-19 09:17 4096 ----a-w- c:\windows\d3dx.dat 2009-09-19 09:05 . 2009-09-19 09:05 -------- d-----w- c:\program files\PlayOnline 2009-09-19 07:50 . 
2009-09-20 11:08 -------- d-----w- c:\documents and settings\Past\Local Settings\Application Data\PMB Files 2009-09-19 07:50 . 2009-09-19 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2009-09-19 07:50 . 2009-09-19 07:50 -------- d-----w- c:\program files\Pando Networks 2009-09-13 07:42 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-09-13 07:42 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-09-13 07:42 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-12 13:05 . 2009-06-12 07:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet 2009-10-12 12:37 . 2008-03-29 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-12 07:10 . 2009-06-10 16:01 -------- d-----w- c:\documents and settings\Past\Application Data\WTablet 2009-10-11 04:49 . 2008-03-29 11:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-11 04:49 . 2008-03-29 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-11 04:30 . 2009-06-12 20:44 -------- d-----w- c:\documents and settings\Brandon Lucas\Application Data\WTablet 2009-10-11 04:24 . 2009-07-09 22:18 119296 ----a-w- c:\windows\system32\zlib.dll 2009-10-11 01:45 . 2008-03-29 10:12 -------- d-----w- c:\program files\Trillian 2009-10-08 16:58 . 
2008-10-18 17:55 -------- d-----w- c:\documents and settings\Past\Application Data\uTorrent 2009-10-08 15:25 . 2008-06-03 22:10 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-10-08 15:25 . 2008-06-03 22:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-10-08 15:25 . 2008-05-23 23:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-08 15:15 . 2008-03-29 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-08 15:07 . 2008-05-27 03:15 -------- d-----w- c:\program files\Alcohol Soft 2009-10-08 14:40 . 2008-04-19 00:42 722416 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-10-07 22:53 . 2008-10-18 17:55 -------- d-----w- c:\program files\uTorrent 2009-09-30 12:11 . 2009-01-10 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-26 23:51 . 2008-12-26 06:23 -------- d-----w- c:\program files\Paltalk Messenger 2009-09-25 04:07 . 2009-07-06 23:08 -------- d-----w- c:\program files\Black Isle 2009-09-24 06:08 . 2008-06-30 09:21 -------- d-----w- c:\program files\Diablo II 2009-09-23 17:37 . 2008-10-23 16:09 179792 ----a-w- c:\windows\system32\guard32.dll 2009-09-23 17:37 . 2008-10-23 16:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-09-23 17:37 . 2008-10-23 16:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-09-23 17:37 . 2008-10-23 16:09 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-09-19 09:04 . 2008-09-05 18:23 -------- d-----w- c:\documents and settings\Past\Application Data\IGN_DLM 2009-09-16 09:53 . 2008-12-19 08:07 -------- d-----w- c:\documents and settings\Past\Application Data\Skype 2009-09-16 09:53 . 2008-12-19 08:08 -------- d-----w- c:\documents and settings\Past\Application Data\skypePM 2009-09-12 23:10 . 2009-04-30 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-08 18:50 . 
2009-08-09 06:25 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-09-04 21:44 . 2009-06-24 01:30 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-08-28 16:39 . 2008-05-24 01:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-28 16:39 . 2008-05-24 01:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-28 16:39 . 2008-05-24 01:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-26 03:22 . 2009-08-26 03:22 -------- d-----w- c:\program files\Acclaim Games Inc 2009-08-22 23:54 . 2008-03-29 10:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-22 13:54 . 2008-03-29 10:05 75472 -c--a-w- c:\documents and settings\Past\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-17 07:04 . 2009-08-17 07:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-08-17 07:04 . 2009-08-17 07:04 81920 ----a-w- c:\windows\system32\nvwddi.dll 2009-08-17 07:03 . 2009-08-17 07:03 3170304 ----a-w- c:\windows\system32\nvwss.dll 2009-08-17 07:03 . 2009-08-17 07:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll 2009-08-17 07:03 . 2009-08-17 07:03 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-08-17 07:03 . 2009-08-17 07:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-08-17 07:03 . 2009-08-17 07:03 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-08-17 07:03 . 2009-08-17 07:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-08-17 07:03 . 2009-08-17 07:03 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-08-17 07:03 . 2009-08-17 07:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-08-17 07:03 . 2009-08-17 07:03 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-08-17 07:03 . 2009-08-17 07:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-08-17 07:02 . 2009-08-17 07:02 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-08-17 04:57 . 2009-05-01 02:02 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-08-17 04:57 . 
2009-05-01 02:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-08-17 04:57 . 2009-05-01 02:02 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-08-17 04:57 . 2008-10-07 17:33 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-08-17 04:57 . 2008-10-07 17:33 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-08-17 04:57 . 2008-10-07 17:33 155648 ----a-w- c:\windows\system32\nvcodins.dll 2009-08-17 04:57 . 2008-10-07 17:33 155648 ----a-w- c:\windows\system32\nvcod.dll 2009-08-17 04:57 . 2008-10-07 17:33 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-08-17 04:57 . 2008-03-29 10:39 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-08-17 04:57 . 2007-10-25 09:17 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-08-17 04:57 . 2007-10-25 09:17 5845760 ----a-w- c:\windows\system32\nv4_disp.dll 2009-08-15 21:52 . 2009-08-15 21:14 -------- d-----w- c:\program files\Call of Duty 4 2009-08-14 17:36 . 2009-08-14 17:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll 2009-08-11 16:35 . 2008-03-29 10:38 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 04:21 . 2009-08-03 04:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll 2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-11 15:32 . 2009-07-11 15:32 51200 --sha-w- c:\windows\system32\bulilufu.dll 2009-07-11 15:32 . 2009-07-11 15:32 51200 --sha-w- c:\windows\system32\hukibopa.dll 2009-07-11 01:38 . 2009-07-11 01:38 88576 --sha-w- c:\windows\system32\ragivaze.dll 2009-07-11 15:32 . 2009-07-11 15:32 88576 --sha-w- c:\windows\system32\siwelehu.dll 2009-07-11 01:38 . 2009-07-11 01:38 69120 --sha-w- c:\windows\system32\tibugizu.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-03-29 32768] [HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}] [HKEY_CLASSES_ROOT\SearchHook.SrchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}] [HKEY_CLASSES_ROOT\SearchHook.SrchHook] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 68856] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-04-25 1273856] "D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 2695168] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "Fix-It AV"="c:\progra~1\Ontrack\SYSTEM~1\MemCheck.exe" [2001-09-09 61440] "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-23 1799952] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-09 68592] "nwiz"="c:\program files\NVIDIA 
Corporation\nView\nwiz.exe" [2009-08-13 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016] "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-23 1799952] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800] "migozasati"="peyeduli.dll" [bU] c:\documents and settings\All Users\Start Menu\Programs\Startup\ PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-8-5 11537920] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-28 16:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ivV01.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wkk80.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\razuki\\half-life 2 deathmatch\\hl2.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\razuki\\zombie panic! 
source\\hl2.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "c:\\Soldat\\Soldat.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\Valve\\Steam\\Steam.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Paltalk Messenger\\paltalk.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Left 4 Dead\\left4dead.exe"= "c:\\games\\RedFaction\\RedFaction.exe"= "c:\\games\\RedFaction\\rf.exe"= "c:\\games\\RedFaction\\PF.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Acclaim Games Inc\\Rush Fighters\\Rushfighters\\amped.exe"= "c:\\games\\Batman.Arkham.Asylum-KaOs\\Binaries\\ShippingPC-BmGame.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"= "c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\WMP54Gv4.exe"= "c:\\WINDOWS\\system32\\Pen_Tablet.exe"= "c:\\WINDOWS\\system32\\WLTRAY.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "28616:TCP"= 28616:TCP:SolidNetworkManager "28616:UDP"= 28616:UDP:SolidNetworkManager "42159:TCP"= 42159:TCP:*:Disabled:SolidNetworkManager "42159:UDP"= 42159:UDP:*:Disabled:SolidNetworkManager "65442:TCP"= 65442:TCP:*:Disabled:SolidNetworkManager "65442:UDP"= 65442:UDP:*:Disabled:SolidNetworkManager "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 
"5353:TCP"= 5353:TCP:Adobe CSI CS4 "58500:TCP"= 58500:TCP:Pando Media Booster "58500:UDP"= 58500:UDP:Pando Media Booster R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 9:00 PM 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 9:00 PM 108552] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10/23/2008 12:09 PM 132296] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/23/2008 12:09 PM 25160] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 12:17 PM 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 12:17 PM 297752] R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912] R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [3/29/2008 6:37 AM 35584] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/10/2009 12:00 PM 3032360] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2008 2:56 PM 24652] R2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 12:15 PM 36864] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/10/2009 12:00 PM 15144] S0 ivV01;ivV01;c:\windows\system32\Drivers\ivV01.sys --> c:\windows\system32\Drivers\ivV01.sys [?] S0 Wkk80;Wkk80;c:\windows\system32\Drivers\Wkk80.sys --> c:\windows\system32\Drivers\Wkk80.sys [?] S2 gupdate1c9e4938d54793e;Google Update Service (gupdate1c9e4938d54793e);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 5:37 PM 133104] S3 ALSysIO;ALSysIO;\??\c:\docume~1\Past\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Past\LOCALS~1\Temp\ALSysIO.sys [?] 
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/6/2009 3:16 PM 12672] S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 7:56 PM 14336] S3 jfdcd;jfdcd;\??\c:\docume~1\Past\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\Past\LOCALS~1\Temp\jfdcd.sys [?] S3 mxInsMon;mxInsMon;c:\progra~1\Ontrack\SYSTEM~1\mxInsMon.sys [8/20/2001 10:03 AM 18736] S3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [3/29/2008 7:08 PM 158976] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [3/29/2008 5:21 PM 822400] --- Other Services/Drivers In Memory --- *NewlyCreated* - GTNDIS5 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99bda707-b419-11de-a70e-0018f8b1146b}] \Shell\AutoRun\command - D:\AUTOSTARTER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Contents of the 'Scheduled Tasks' folder 2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-10-12 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-29 14:25] 2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 21:37] 2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 21:37] 2009-10-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-06-16 21:22] 2009-10-12 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.newgrounds.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab FF - ProfilePath - 
c:\documents and settings\Past\Application Data\Mozilla\Firefox\Profiles\wptbtgqp.default\ FF - prefs.js: browser.startup.homepage - newgrounds.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\program files\Download Manager\npfpdlm.dll FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-12 09:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-73586283-1644491937-725345543-1004\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:79,d0,61,30,0c,7c,3a,8f,2b,c8,16,3c,ec,a2,bf,91,df,f3,22,ba,94,70,22, 77,26,3d,7b,12,5b,f1,5b,e5,b6,35,83,d9,5e,ae,db,93,76,66,fb,ad,4d,d4,e7,65,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-73586283-1644491937-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:4d,86,15,d3,92,b7,d0,ba,f7,46,64,b6,61,0a,b6,a9,74,47,bc,cf,cb, 65,b7,fd,9a,c9,68,b3,0e,32,f0,fb,3b,d1,08,8c,df,c3,87,c8,7c,4f,a9,be,a6,61,\ "rkeysecu"=hex:ab,42,3b,40,d1,ed,1c,35,6e,eb,e7,c9,12,19,53,e7 [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(840) c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(604) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\program files\COMODO\Firewall\cmdagent.exe c:\windows\system32\BCMWLTRY.EXE c:\program files\Bonjour\mDNSResponder.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\PnkBstrA.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe c:\progra~1\Ontrack\SYSTEM~1\MXTask.exe c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-10-12 9:20 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-12 13:19 ComboFix2.txt 2009-10-12 03:56 Pre-Run: 353,512,181,760 bytes free Post-Run: 353,449,070,592 bytes free Current=6 Default=6 Failed=4 LastKnownGood=7 Sets=1,2,3,4,5,6,7 381 --- E O F --- 2009-09-30 12:11
  4. YESS I MANAGED TO GET MBAM TO WORK!! This is what I did: I uninstalled it from my computer. Then used Mbam-clean. Restarted the computer. Then I reinstalled but the silly Security tool took away mbam.exe again. So what I did was..basically fit the piece into the puzzle. I went into my flash drive, got the mbam.exe ALONE, then put it inside. WALA! It ran! So then I ran the quick scan and it found like 20 infections! At the same time, Security Tool was launching its full scale attack on me (funny because it didn't launch a full scale attack since like a day ago, funny how it launched when I finally got mbam working, as if it had a mind of its own...). It somehow managed to get through my firewall and then it got onto my task bar. It hid my desktop, but at the same time, Mbam.exe found most of the files related to security tool. So while my Comodo was fighting Security Tool it asked me to remove infections. Of course I selected yes and my computer restarted. I forgot to update Mbam.exe so I updated and ran it again only to find 3 more infections, one of them was named 'Rogue Security Tool' or something like that. Mbam kicked its *** and then I restarted the computer. Everything seems to be running super smooth right now. No signs of Security Tool. It isn't even found inside Application Data. HOWEVER guys, I still want to continue on with this process JUST IN CASE. So where do I go from here guys?
  5. Wowzerz it seems like my computer is a lot less sluggish since I ran the combofix install, also not getting any popups -AS OF YET-. Don't want to get my hopes up. I still want to continue along with this process to rid myself of any possible security tool files or any infections in general. Thanks for the help so far, Onward!
  6. Here is a Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:10:23 AM, on 10/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\WZCBDL Service\WZCBDLS.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\iPod\bin\iPodService.exe 
C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgrounds.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll O2 - BHO: (no name) - {c1642815-63f4-4275-be3e-30593f6925a4} - bulilufu.dll (file missing) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file) O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\SYSTEM~1\MemCheck.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [igndlm.exe] 
C:\Program Files\Download Manager\dlm.exe /windowsstart /startifwork O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - 
{E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: 
{BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: sazukojo.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9e4938d54793e) (gupdate1c9e4938d54793e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: SystemSuite Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe -- End of file - 14218 bytes
  7. ALRIGHTY! ComboFix HAS FINISHED! (yay!) Here is the log file! ComboFix 09-10-11.01 - Past 10/11/2009 23:19.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1406 [GMT -4:00] Running from: c:\documents and settings\Past\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.exe c:\windows\Installer\3b75c37.msp c:\windows\kb913800.exe c:\windows\system32\Dccddfii.ini c:\windows\system32\ikjSDJjl.ini c:\windows\system32\libodiwa.dll c:\windows\system32\mcrh.tmp c:\windows\system32\NTSVc.ocx c:\windows\system32\peyeduli.dll c:\windows\system32\sazukojo.dll c:\windows\system32\xmeoyktf.ini F:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 ))))))))))))))))))))))))))))))) . 2009-10-12 03:32 . 2009-10-12 03:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-12 03:32 . 2009-10-12 03:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2009-10-11 15:31 . 2009-10-12 03:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar 2009-10-11 15:31 . 2009-10-11 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google 2009-10-11 05:17 . 2009-10-11 05:18 -------- d-----w- c:\program files\CCleaner 2009-10-11 05:10 . 2009-10-11 05:10 -------- d-----w- c:\documents and settings\Past\Application Data\Malwarebytes 2009-10-11 02:50 . 2009-10-11 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-11 02:34 . 2009-10-11 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-11 02:34 . 
2009-10-11 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-08 15:26 . 2009-10-08 15:27 -------- d-----w- c:\documents and settings\Past\Local Settings\Application Data\Risen 2009-10-08 15:25 . 2009-10-08 15:25 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP 2009-10-08 15:15 . 2009-10-08 15:15 -------- d-----w- c:\program files\Deep Silver 2009-10-08 14:45 . 2009-10-08 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-10-08 14:45 . 2009-10-08 14:48 -------- d-----w- c:\program files\DAEMON Tools Pro 2009-10-08 14:27 . 2009-10-08 14:50 -------- d-----w- c:\documents and settings\Past\Application Data\DAEMON Tools Pro 2009-10-04 00:12 . 2009-10-04 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Martau 2009-10-04 00:11 . 2009-10-04 00:12 -------- d-----w- c:\program files\Total Uninstall 5 2009-10-01 06:37 . 2005-06-06 15:29 110592 ----a-w- c:\documents and settings\Past\Application Data\U3\temp\cleanup.exe 2009-10-01 06:30 . 2009-10-07 23:55 -------- d-----w- c:\documents and settings\Past\Application Data\U3 2009-09-30 06:48 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-09-25 04:07 . 1998-10-29 19:45 306688 ----a-w- c:\windows\IsUninst.exe 2009-09-20 02:30 . 2009-09-20 02:30 -------- d-----w- c:\documents and settings\Past\Application Data\Turbine 2009-09-20 02:30 . 2009-09-20 02:30 -------- d-----w- c:\documents and settings\Past\Local Settings\Application Data\Turbine 2009-09-19 23:55 . 2009-09-19 23:55 -------- d-----w- c:\program files\Turbine 2009-09-19 09:17 . 2009-09-19 09:17 4096 ----a-w- c:\windows\d3dx.dat 2009-09-19 09:05 . 2009-09-19 09:05 -------- d-----w- c:\program files\PlayOnline 2009-09-19 07:50 . 2009-09-20 11:08 -------- d-----w- c:\documents and settings\Past\Local Settings\Application Data\PMB Files 2009-09-19 07:50 . 
2009-09-19 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2009-09-19 07:50 . 2009-09-19 07:50 -------- d-----w- c:\program files\Pando Networks 2009-09-13 07:42 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-09-13 07:42 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-09-13 07:42 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-09-13 07:42 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-12 03:41 . 2009-06-10 16:01 -------- d-----w- c:\documents and settings\Past\Application Data\WTablet 2009-10-12 03:37 . 2009-06-12 07:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet 2009-10-11 08:49 . 2008-03-29 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-11 04:49 . 2008-03-29 11:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-11 04:49 . 2008-03-29 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-11 04:30 . 2009-06-12 20:44 -------- d-----w- c:\documents and settings\Brandon Lucas\Application Data\WTablet 2009-10-11 04:24 . 2009-07-09 22:18 119296 ----a-w- c:\windows\system32\zlib.dll 2009-10-11 01:45 . 2008-03-29 10:12 -------- d-----w- c:\program files\Trillian 2009-10-08 16:58 . 2008-10-18 17:55 -------- d-----w- c:\documents and settings\Past\Application Data\uTorrent 2009-10-08 15:25 . 2008-06-03 22:10 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-10-08 15:25 . 
2008-06-03 22:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-10-08 15:25 . 2008-05-23 23:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-08 15:15 . 2008-03-29 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-08 15:07 . 2008-05-27 03:15 -------- d-----w- c:\program files\Alcohol Soft 2009-10-08 14:40 . 2008-04-19 00:42 722416 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-10-07 22:53 . 2008-10-18 17:55 -------- d-----w- c:\program files\uTorrent 2009-09-30 12:11 . 2009-01-10 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-26 23:51 . 2008-12-26 06:23 -------- d-----w- c:\program files\Paltalk Messenger 2009-09-25 04:07 . 2009-07-06 23:08 -------- d-----w- c:\program files\Black Isle 2009-09-24 06:08 . 2008-06-30 09:21 -------- d-----w- c:\program files\Diablo II 2009-09-23 17:37 . 2008-10-23 16:09 179792 ----a-w- c:\windows\system32\guard32.dll 2009-09-23 17:37 . 2008-10-23 16:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-09-23 17:37 . 2008-10-23 16:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-09-23 17:37 . 2008-10-23 16:09 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-09-19 09:04 . 2008-09-05 18:23 -------- d-----w- c:\documents and settings\Past\Application Data\IGN_DLM 2009-09-16 09:53 . 2008-12-19 08:07 -------- d-----w- c:\documents and settings\Past\Application Data\Skype 2009-09-16 09:53 . 2008-12-19 08:08 -------- d-----w- c:\documents and settings\Past\Application Data\skypePM 2009-09-12 23:10 . 2009-04-30 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-11 18:55 . 2009-09-11 18:55 1924440 ----a-w- c:\documents and settings\Past\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-09-08 18:50 . 
2009-08-09 06:25 64 ----a-w- c:\documents and settings\Past\Application Data\Mozilla\Firefox\Profiles\wptbtgqp.default\extensions\dvscontextmenuy@dvdvideosoft.com 2009-09-08 18:50 . 2009-08-09 06:25 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-09-04 21:44 . 2009-06-24 01:30 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-08-28 16:39 . 2008-05-24 01:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-28 16:39 . 2008-05-24 01:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-28 16:39 . 2008-05-24 01:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-26 03:22 . 2009-08-26 03:22 -------- d-----w- c:\program files\Acclaim Games Inc 2009-08-22 23:54 . 2008-03-29 10:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-22 13:54 . 2008-03-29 10:05 75472 -c--a-w- c:\documents and settings\Past\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-17 07:04 . 2009-08-17 07:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-08-17 07:04 . 2009-08-17 07:04 81920 ----a-w- c:\windows\system32\nvwddi.dll 2009-08-17 07:03 . 2009-08-17 07:03 3170304 ----a-w- c:\windows\system32\nvwss.dll 2009-08-17 07:03 . 2009-08-17 07:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll 2009-08-17 07:03 . 2009-08-17 07:03 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-08-17 07:03 . 2009-08-17 07:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-08-17 07:03 . 2009-08-17 07:03 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-08-17 07:03 . 2009-08-17 07:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-08-17 07:03 . 2009-08-17 07:03 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-08-17 07:03 . 2009-08-17 07:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-08-17 07:03 . 2009-08-17 07:03 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-08-17 07:03 . 2009-08-17 07:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-08-17 07:02 . 
2009-08-17 07:02 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-08-17 04:57 . 2009-05-01 02:02 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-08-17 04:57 . 2009-05-01 02:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-08-17 04:57 . 2009-05-01 02:02 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-08-17 04:57 . 2008-10-07 17:33 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-08-17 04:57 . 2008-10-07 17:33 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-08-17 04:57 . 2008-10-07 17:33 155648 ----a-w- c:\windows\system32\nvcodins.dll 2009-08-17 04:57 . 2008-10-07 17:33 155648 ----a-w- c:\windows\system32\nvcod.dll 2009-08-17 04:57 . 2008-10-07 17:33 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-08-17 04:57 . 2008-03-29 10:39 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-08-17 04:57 . 2007-10-25 09:17 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-08-17 04:57 . 2007-10-25 09:17 5845760 ----a-w- c:\windows\system32\nv4_disp.dll 2009-08-15 21:52 . 2009-08-15 21:14 -------- d-----w- c:\program files\Call of Duty 4 2009-08-14 17:36 . 2009-08-14 17:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll 2009-08-11 16:35 . 2008-03-29 10:38 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 04:21 . 2009-08-03 04:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll 2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-11 15:32 . 2009-07-11 15:32 51200 --sha-w- c:\windows\system32\bulilufu.dll 2009-07-11 15:32 . 2009-07-11 15:32 51200 --sha-w- c:\windows\system32\hukibopa.dll 2009-07-11 15:32 . 2009-07-11 15:32 1011429 --sha-w- c:\windows\system32\pigetome.exe 2009-07-11 01:38 . 2009-07-11 01:38 88576 --sha-w- c:\windows\system32\ragivaze.dll 2009-07-11 15:32 . 2009-07-11 15:32 88576 --sha-w- c:\windows\system32\siwelehu.dll 2009-07-11 01:38 . 
2009-07-11 01:38 69120 --sha-w- c:\windows\system32\tibugizu.dll 2009-07-11 01:38 . 2009-07-11 01:38 1011128 --sha-w- c:\windows\system32\tosedale.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2008-03-29 61440] "{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-03-29 32768] [HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}] [HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}] [HKEY_CLASSES_ROOT\SearchHook.SrchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}] [HKEY_CLASSES_ROOT\SearchHook.SrchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1642815-63f4-4275-be3e-30593f6925a4}] 2009-07-11 15:32 51200 --sha-w- c:\windows\system32\bulilufu.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-06-16 21:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] 
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 68856] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-26 2356088] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-04-25 1273856] "D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 2695168] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "Fix-It AV"="c:\progra~1\Ontrack\SYSTEM~1\MemCheck.exe" [2001-09-09 61440] "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-23 1799952] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-09 68592] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] 
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016] "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-23 1799952] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800] c:\documents and settings\All Users\Start Menu\Programs\Startup\ PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-8-5 11537920] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-28 16:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ivV01.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wkk80.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\razuki\\half-life 2 deathmatch\\hl2.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\razuki\\zombie panic! 
source\\hl2.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "c:\\Soldat\\Soldat.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\Valve\\Steam\\Steam.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Paltalk Messenger\\paltalk.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Left 4 Dead\\left4dead.exe"= "c:\\games\\RedFaction\\RedFaction.exe"= "c:\\games\\RedFaction\\rf.exe"= "c:\\games\\RedFaction\\PF.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Acclaim Games Inc\\Rush Fighters\\Rushfighters\\amped.exe"= "c:\\games\\Batman.Arkham.Asylum-KaOs\\Binaries\\ShippingPC-BmGame.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"= "c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\WMP54Gv4.exe"= "c:\\WINDOWS\\system32\\Pen_Tablet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "28616:TCP"= 28616:TCP:SolidNetworkManager "28616:UDP"= 28616:UDP:SolidNetworkManager "42159:TCP"= 42159:TCP:*:Disabled:SolidNetworkManager "42159:UDP"= 42159:UDP:*:Disabled:SolidNetworkManager "65442:TCP"= 65442:TCP:*:Disabled:SolidNetworkManager "65442:UDP"= 65442:UDP:*:Disabled:SolidNetworkManager "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "5353:TCP"= 5353:TCP:Adobe CSI CS4 
"58500:TCP"= 58500:TCP:Pando Media Booster "58500:UDP"= 58500:UDP:Pando Media Booster R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 9:00 PM 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 9:00 PM 108552] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10/23/2008 12:09 PM 132296] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/23/2008 12:09 PM 25160] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 12:17 PM 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 12:17 PM 297752] R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912] R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [3/29/2008 6:37 AM 35584] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/10/2009 12:00 PM 3032360] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2008 2:56 PM 24652] R2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 12:15 PM 36864] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/10/2009 12:00 PM 15144] S0 ivV01;ivV01;c:\windows\system32\Drivers\ivV01.sys --> c:\windows\system32\Drivers\ivV01.sys [?] S0 Wkk80;Wkk80;c:\windows\system32\Drivers\Wkk80.sys --> c:\windows\system32\Drivers\Wkk80.sys [?] S2 gupdate1c9e4938d54793e;Google Update Service (gupdate1c9e4938d54793e);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 5:37 PM 133104] S3 ALSysIO;ALSysIO;\??\c:\docume~1\Past\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Past\LOCALS~1\Temp\ALSysIO.sys [?] 
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/6/2009 3:16 PM 12672]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 7:56 PM 14336]
S3 jfdcd;jfdcd;\??\c:\docume~1\Past\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\Past\LOCALS~1\Temp\jfdcd.sys [?]
S3 mxInsMon;mxInsMon;c:\progra~1\Ontrack\SYSTEM~1\mxInsMon.sys [8/20/2001 10:03 AM 18736]
S3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [3/29/2008 7:08 PM 158976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [3/29/2008 5:21 PM 822400]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99bda707-b419-11de-a70e-0018f8b1146b}]
\Shell\AutoRun\command - D:\AUTOSTARTER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-29 14:25]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 21:37]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 21:37]

2009-10-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 21:22]

2009-10-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.newgrounds.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\Past\Application Data\Mozilla\Firefox\Profiles\wptbtgqp.default\
FF - prefs.js: browser.startup.homepage - newgrounds.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{1EAC56A8-38EA-47F3-80D7-4D37A7133EC1} - (no file)
BHO-{826FBD6C-F2EF-40F9-8604-B5E70E01459C} - (no file)
BHO-{C2889030-A783-44F9-AA2E-C5517CFB9185} - (no file)
BHO-{C3AF4D34-4A94-4595-86D1-8C3B251E4734} - (no file)
HKLM-Run-yibijilow - c:\windows\system32\libodiwa.dll
HKLM-Run-migozasati - peyeduli.dll
SharedTaskScheduler-{c3c4f6ab-304f-49c0-b552-abbe8b13b2c4} - (no file)
SharedTaskScheduler-{89544fa1-8727-4641-ae79-4b9a642d98f0} - c:\windows\system32\libodiwa.dll
SSODL-fuhelohad-{c3c4f6ab-304f-49c0-b552-abbe8b13b2c4} - (no file)
SSODL-nurajekop-{89544fa1-8727-4641-ae79-4b9a642d98f0} - c:\windows\system32\libodiwa.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 23:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1644491937-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:79,d0,61,30,0c,7c,3a,8f,2b,c8,16,3c,ec,a2,bf,91,df,f3,22,ba,94,70,22,
77,26,3d,7b,12,5b,f1,5b,e5,b6,35,83,d9,5e,ae,db,93,76,66,fb,ad,4d,d4,e7,65,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-73586283-1644491937-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:4d,86,15,d3,92,b7,d0,ba,f7,46,64,b6,61,0a,b6,a9,74,47,bc,cf,cb,
65,b7,fd,9a,c9,68,b3,0e,32,f0,fb,3b,d1,08,8c,df,c3,87,c8,7c,4f,a9,be,a6,61,\
"rkeysecu"=hex:ab,42,3b,40,d1,ed,1c,35,6e,eb,e7,c9,12,19,53,e7

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\progra~1\Ontrack\SYSTEM~1\MXTask.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-12 23:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 03:56

Pre-Run: 353,590,988,800 bytes free
Post-Run: 353,502,072,832 bytes free

Current=6 Default=6 Failed=4 LastKnownGood=7 Sets=1,2,3,4,5,6,7

415 --- E O F --- 2009-09-30 12:11
  8. YAY IT WORKED. Anyway, ok...so yeah I gave you gmerlog 1 txt file. The other 2 are inside that rar file. Hopefully you can find something wrong with the machine. Thanks SJP for helping me.
  9. Hope this works..Got an idea..put it in a rar file. gmerlog.rar
  10. I try but the forums somehow are not erasing any memory of how much the file was last time. The 1st log was 334.23k ...then it says 'Attachment space used 334.24k of 500k'. So is there supposed to be a limit on how many attachments I can submit each day or what?
  11. Attachment space used 334.24K of 500K .......what? I split the files into 3 txt files you got 1...the other 2? Well...yeah..they are like 180k yet the forums insist that they are 334.24k even though that isn't above 500k anyway. What gives?
  12. Believe it or not the text is LARGER than available space..I'm going to panic in a few. How do I get this to you?!
  13. Also here, take this. It is the log itself. Maybe you can d/l it off of me and read it?