ph3nom

Honorary Members
  • Content count

    73
  • Joined

  • Last visited

About ph3nom

  • Rank
    Regular Member

Contact Methods

  • ICQ
    0
  1. still no good. it keep saying i need to install it. like the yellow shield with the ! point saying update. i used ur way, it installed, but i still get the shield telling me to install the same thing.
  2. i installed everything u told me to. but one thing is giving me problems. i got service pack 3. but this update wont install...and i dont know why. Update for Windows XP (KB951978) it wont install for some odd reasons...help please?
  3. here is the DDS logs DDS (Ver_09-07-30.01) - NTFSx86 Run by anthony at 11:24:38.76 on Thu 08/27/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15 ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" dRunOnce: [RunNarrator] Narrator.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\anthony\applic~1\mozilla\firefox\profiles\eo5xqksd.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2009-08-27 11:23 <DIR> --d-h--- c:\windows\PIF 2009-08-25 01:24 <DIR> --d----- c:\program files\Kerio 2009-08-25 01:24 102,912 -------- c:\windows\system32\drivers\FWDRV.SYS 2009-08-23 14:36 <DIR> --dsh--- c:\windows\Installer 2009-08-22 20:58 687,104 a------- c:\windows\is-BA5Q8.exe 2009-08-22 20:58 10,498 a------- c:\windows\is-BA5Q8.msg 2009-08-22 20:58 417 a------- c:\windows\is-BA5Q8.lst 2009-08-22 17:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-22 17:34 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-08-22 17:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-08-20 10:50 0 a------- c:\documents and settings\anthony\settings.dat 2009-08-11 02:20 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll 2009-08-11 02:20 452,440 a------- c:\windows\system32\d3dx10_40.dll 2009-08-11 02:20 4,379,984 a------- c:\windows\system32\D3DX9_40.dll 2009-08-11 02:20 <DIR> --d----- c:\windows\Logs 2009-08-02 14:31 <DIR> --d----- c:\windows\system32\XPSViewer 2009-08-02 14:30 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-02 14:30 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-02 14:30 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-02 14:30 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-08-02 14:30 117,760 -------- c:\windows\system32\prntvpt.dll 2009-08-02 14:30 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll 2009-08-02 14:30 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-08-02 14:28 <DIR> --d----- c:\program files\MSXML 6.0 2009-08-02 14:25 201,050 a------- c:\windows\system32\nvapps.nvb 2009-08-02 14:24 <DIR> --d----- c:\windows\system32\GroupPolicy 2009-08-02 14:24 <DIR> --d----- c:\program files\Windows Desktop Search 2009-08-02 14:23 <DIR> --d----- c:\program files\Windows Media Connect 2 2009-08-02 14:19 <DIR> --d----- c:\windows\system32\URTTEMP 2009-08-02 14:16 288,768 -------- c:\windows\system32\rhttpaa.dll 2009-08-02 14:16 116,736 -------- c:\windows\system32\aaclient.dll 2009-08-02 14:16 36,352 -------- c:\windows\system32\tsgqec.dll ==================== Find3M ==================== 2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll 2009-07-15 12:40 137,544 a------- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-15 12:40 189,480 a------- c:\windows\system32\PnkBstrB.exe 2009-07-15 12:38 139,152 a------- c:\docume~1\anthony\applic~1\PnkBstrK.sys 2009-07-15 12:38 794,408 a------- c:\windows\system32\pbsvc.exe 2009-07-15 12:38 75,064 a------- c:\windows\system32\PnkBstrA.exe 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-06-29 11:12 827,392 -------- c:\windows\system32\wininet.dll 2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll 2009-06-29 11:12 17,408 -------- c:\windows\system32\corpol.dll 2009-06-25 03:44 724,480 a------- c:\windows\system32\lsasrv.dll 2009-06-25 03:44 298,496 a------- c:\windows\system32\kerberos.dll 2009-06-25 03:44 168,448 a------- c:\windows\system32\schannel.dll 2009-06-25 03:44 133,632 a------- c:\windows\system32\msv1_0.dll 2009-06-25 03:44 59,392 a------- c:\windows\system32\wdigest.dll 2009-06-25 03:44 56,320 a------- c:\windows\system32\secur32.dll 2009-06-24 23:55 152,904 a------- c:\windows\system32\vghd.scr 2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll 2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe 2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll 2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll 2009-06-09 10:06 1,871,872 a------- c:\windows\system32\mstscax.dll 2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll 2008-10-30 07:59 133 a---h--- c:\docume~1\anthony\applic~1\lakerda1967.sys ============= FINISH: 11:25:02.01 =============== here is the second one... ==== Installed Programs ======================
  4. link dont work for me. so im not moving on until we finish this step. please assist so we can finish this soon, and thanks a lot.
  5. I have the home edition, and when i install your file you told me to get, it just say remove or repair. it says time limited demo license.. http://www.virustotal.com/analisis/7110afc...de72-1251250839 that link should work it work for me. it also say 0/41. here is report in case. Antivirus Version Last Update Result a-squared 4.5.0.24 2009.08.26 - AhnLab-V3 5.0.0.2 2009.08.25 - AntiVir 7.9.1.3 2009.08.25 - Antiy-AVL 2.0.3.7 2009.08.24 - Authentium 5.1.2.4 2009.08.26 - Avast 4.8.1335.0 2009.08.25 - AVG 8.5.0.406 2009.08.25 - BitDefender 7.2 2009.08.26 - CAT-QuickHeal 10.00 2009.08.25 - ClamAV 0.94.1 2009.08.25 - Comodo 2091 2009.08.26 - DrWeb 5.0.0.12182 2009.08.26 - eSafe 7.0.17.0 2009.08.25 - eTrust-Vet 31.6.6700 2009.08.25 - F-Prot 4.4.4.56 2009.08.25 - F-Secure 8.0.14470.0 2009.08.26 - Fortinet 3.120.0.0 2009.08.26 - GData 19 2009.08.26 - Ikarus T3.1.1.68.0 2009.08.26 - Jiangmin 11.0.800 2009.08.25 - K7AntiVirus 7.10.827 2009.08.25 - Kaspersky 7.0.0.125 2009.08.26 - McAfee 5720 2009.08.25 - McAfee+Artemis 5720 2009.08.25 - McAfee-GW-Edition 6.8.5 2009.08.26 - Microsoft 1.4903 2009.08.26 - NOD32 4367 2009.08.25 - Norman 2009.08.25 - nProtect 2009.1.8.0 2009.08.25 - Panda 10.0.2.2 2009.08.25 - PCTools 4.4.2.0 2009.08.25 - Prevx 3.0 2009.08.26 - Rising 21.44.11.00 2009.08.25 - Sophos 4.44.0 2009.08.26 - Sunbelt 3.2.1858.2 2009.08.25 - Symantec 1.4.4.12 2009.08.26 - TheHacker 6.3.4.3.388 2009.08.25 - TrendMicro 8.950.0.1094 2009.08.25 - VBA32 3.12.10.10 2009.08.25 - ViRobot 2009.8.25.1901 2009.08.25 - VirusBuster 4.6.5.0 2009.08.25 - Additional information File size: 13696 bytes MD5...: be5d50529799b9bab6be879ec768b6cf SHA1..: 8b5350ca00576e60017baf2f27b5bf22ee34efb9 SHA256: 7110afc1e16584c8c194ee0de9d779a159d1ad2553ea650324f16c3da847de72 ssdeep: 192:ZyAcOFMCCMY/fIbBu2bQG08P4YZn6K39B/dbVJTPEZZYwnNmmb5MsHKKi/5n EIGv:ZyjOj1xQyAgSLbKsHKn9E0Qk PEiD..: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) here is scan for you to double check. malwarebytes Malwarebytes' Anti-Malware 1.40 Database version: 2697 Windows 5.1.2600 Service Pack 2 8/25/2009 9:50:52 PM mbam-log-2009-08-25 (21-50-52).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 224702 Time elapsed: 1 hour(s), 2 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:59:02 PM, on 8/25/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - *{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 6887 bytes so am i clean? and whats next. also i deleted what u told me to.
  6. ok avg is uninstalled and only avast remains. but its on a trail demo license. where can i find a key for it? and now for your part. i got Kerio, is that good?and how should i set the settings on it? please guide me. like what should i allow to run, and not to run. like for games i know and programs i use like zune and so on. but for others, how i know it safe? for example like that teatimer incident that you told me to accept but i didn't know it was for my audio and i should allow it. and also i dont believe im getting redirected on google anymore. how will i know im clean for sure? and heres the analysis from virustotal for c:\windows\system32\drivers\BIOS.sys... http://www.virustotal.com/analisis/7110afc...de72-1251181724 and lastly. am i clean yet? how do i know im completely clean of all virus, malware, adware and other harmful infections on my computer and not getting redirected on google in the future? do you want me to do a full scan or something? also i still have all the logs and files you told me to get. (root repeal, upload.bat, fixes.bat, avenger, win32kdiag, and win32kdiag.txt, filecopy.bat, combofix and all the logs from the programs i used, and gooredfix. PLEASE ASSIST WITH ALL THIS. i suck when it come to this. so i want to know everything i can and run through everything thoroughly to make sure everything is ok and clean of all infections and how to use stuff u told me to get. thanks a lot!!! much!!
  7. here is my combofix log... ComboFix 09-08-23.01 - anthony 08/24/2009 9:06.6.2 - NTFSx86 Running from: c:\documents and settings\anthony\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\anthony\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ULBALIZ -------\Service_ulbaliz ((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 ))))))))))))))))))))))))))))))) . 2009-08-23 20:04 . 2009-08-23 19:54 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe 2009-08-23 20:04 . 2009-08-23 19:54 53528 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\libsasl.dll 2009-08-23 20:04 . 2009-08-23 19:54 36632 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\sasldigestmd5.dll 2009-08-23 20:04 . 2009-08-23 19:54 18200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\saslcrammd5.dll 2009-08-23 20:04 . 2009-08-23 19:54 16664 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\saslplain.dll 2009-08-23 20:04 . 2009-08-23 19:54 16664 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\sasllogin.dll 2009-08-23 19:43 . 2009-08-23 19:43 -------- d-----w- c:\documents and settings\anthony\Local Settings\Application Data\AVG Security Toolbar 2009-08-23 19:41 . 2009-08-23 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-08-23 19:36 . 2009-08-23 19:38 -------- d-sh--w- c:\windows\Installer 2009-08-23 01:58 . 2009-08-23 01:58 687104 ----a-w- c:\windows\is-BA5Q8.exe 2009-08-23 01:06 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-23 01:06 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-23 01:06 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-23 01:06 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-23 01:06 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-23 01:06 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-23 01:06 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-23 01:06 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-23 01:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-23 01:05 . 2009-08-23 01:05 -------- d-----w- c:\program files\Alwil Software 2009-08-22 22:34 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-22 22:34 . 2009-08-23 01:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-22 22:34 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-20 15:50 . 2009-08-20 15:50 0 ----a-w- c:\documents and settings\anthony\settings.dat 2009-08-13 20:12 . 2009-08-13 20:12 -------- d-----w- c:\windows\ServicePackFiles 2009-08-11 07:20 . 2008-10-10 09:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll 2009-08-11 07:20 . 2008-10-10 09:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2009-08-11 07:20 . 2008-10-10 09:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2009-08-11 07:20 . 2009-08-11 07:20 -------- d-----w- c:\windows\Logs 2009-08-03 15:45 . 2009-08-23 19:55 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-08-03 15:45 . 2009-08-23 19:54 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe 2009-08-03 15:42 . 2009-08-23 20:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-03 15:42 . 2009-08-03 15:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-08-03 15:42 . 2009-08-23 20:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-03 15:42 . 2009-08-23 20:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-03 15:42 . 2009-08-24 14:01 -------- d-----w- c:\windows\system32\drivers\Avg 2009-08-02 19:31 . 2009-08-02 19:31 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-02 19:31 . 2009-08-02 19:31 -------- d-----w- c:\program files\Reference Assemblies 2009-08-02 19:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-02 19:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-02 19:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-02 19:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-02 19:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-02 19:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-02 19:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-02 19:28 . 2009-08-02 19:28 -------- d-----w- c:\program files\MSXML 6.0 2009-08-02 19:24 . 2009-08-22 22:20 -------- d-----w- c:\program files\Windows Desktop Search 2009-08-02 19:24 . 2009-08-02 19:24 -------- d-----w- c:\windows\system32\GroupPolicy 2009-08-02 19:23 . 2009-08-02 19:23 -------- d-----w- c:\program files\Windows Media Connect 2 2009-08-02 19:19 . 2009-08-02 19:19 -------- d-----w- c:\windows\system32\URTTEMP 2009-08-02 19:16 . 2006-11-13 06:02 36352 ------w- c:\windows\system32\tsgqec.dll 2009-08-02 19:16 . 2006-11-13 06:02 288768 ------w- c:\windows\system32\rhttpaa.dll 2009-08-02 19:16 . 2006-11-13 06:02 116736 ------w- c:\windows\system32\aaclient.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-23 20:06 . 2008-11-27 02:36 -------- d-----w- c:\documents and settings\anthony\Application Data\Skype 2009-08-23 19:55 . 2009-04-11 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-08-23 19:55 . 2009-08-16 01:30 1262368 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll 2009-08-23 19:55 . 2009-08-16 01:30 531736 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgsched.dll 2009-08-23 19:55 . 2009-08-16 01:30 512280 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgvvx.dll 2009-08-23 19:55 . 2009-08-16 01:30 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgsrmax.exe 2009-08-23 19:55 . 2009-08-16 01:30 338712 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgscanx.dll 2009-08-23 19:55 . 2009-08-16 01:30 310528 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll 2009-08-23 19:55 . 2009-08-03 15:46 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll 2009-08-19 20:30 . 2008-09-06 00:48 -------- d-----w- c:\program files\DAP 2009-08-19 20:18 . 2008-09-06 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2009-08-19 20:17 . 2008-09-06 00:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-19 20:16 . 2008-09-08 04:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-19 19:19 . 2008-09-05 19:10 75032 ----a-w- c:\documents and settings\anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-19 19:05 . 2008-11-04 02:20 -------- d-----w- c:\documents and settings\anthony\Application Data\uTorrent 2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-02 19:31 . 2009-01-19 23:36 -------- d-----w- c:\program files\MSBuild 2009-08-01 08:14 . 2009-05-19 02:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-15 17:40 . 2008-11-30 06:55 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-15 17:40 . 2008-11-30 06:09 189480 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-07-15 17:38 . 2009-07-15 17:38 139152 ----a-w- c:\documents and settings\anthony\Application Data\PnkBstrK.sys 2009-07-15 17:38 . 2009-07-15 17:38 139152 ----a-w- c:\documents and settings\anthony\Application Data\PnkBstrK.sys 2009-07-15 17:38 . 2009-07-15 17:14 794408 ----a-w- c:\windows\system32\pbsvc.exe 2009-07-15 17:38 . 2008-11-30 05:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 04:32 . 2008-11-27 02:38 -------- d-----w- c:\documents and settings\anthony\Application Data\skypePM 2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 15:37 . 2008-10-27 01:04 -------- d-----w- c:\program files\vghd 2009-06-25 15:36 . 2008-10-27 01:04 5 ----a-w- c:\windows\sbacknt.bin 2009-06-25 08:44 . 2004-08-04 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:44 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:44 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:44 . 2004-08-04 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:44 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:44 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 04:55 . 2008-10-27 01:04 152904 ----a-w- c:\windows\system32\vghd.scr 2009-06-22 11:34 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-21 02:27 . 2009-06-21 02:27 390664 ----a-w- c:\documents and settings\anthony\Application Data\Real\RealPlayer\Update\realplayer11gold.exe 2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 02:44 . 2009-06-15 02:44 10134 ----a-r- c:\documents and settings\anthony\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-09 23:49 . 2009-06-09 23:49 152576 ----a-w- c:\documents and settings\anthony\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-09 15:06 . 2008-09-05 15:34 1871872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-14 21:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-19 198160] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-23 20:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^anthony^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK] path=c:\documents and settings\anthony\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZuneNetworkSvc"=3 (0x3) "VideoAcceleratorService"=2 (0x2) "SvcOnlineArmor"=2 (0x2) "odserv"=3 (0x3) "OAcat"=2 (0x2) "Microsoft Office Groove Audit Service"=3 (0x3) "MDM"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\zombie panic! source\\hl2.exe"= "c:\\Program Files\\VentSrv\\ventrilo_srv.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Program Files\\steamapps\\common\\dawn of war soulstorm demo\\Soulstorm.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AIM\\aim.exe"= "d:\\Program Files\\steamapps\\common\\lumines\\lumines.exe"= "d:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\team fortress 2\\hl2.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\counter-strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\half-life 2 deathmatch\\hl2.exe"= "d:\\Program Files\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2008-09-06 292472] S1 aswSP;avast! Self Protection; [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-23 335240] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-03 108552] S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696] S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [2005-02-18 15488] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-23 908056] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752] S2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [2008-09-06 35584] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-*{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file) Notify-cscdll - (no file) Notify-LBTWlgn - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com FF - ProfilePath - c:\documents and settings\anthony\Application Data\Mozilla\Firefox\Profiles\eo5xqksd.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-24 09:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3348) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\Logitech\iTouch\iTchHk.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\ZuneBusEnum.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Logitech\SetPoint\SetPoint.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe . ************************************************************************** . Completion time: 2009-08-24 9:13 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-24 14:13 ComboFix2.txt 2009-08-23 18:56 Pre-Run: 40,316,989,440 bytes free Post-Run: 40,260,739,072 bytes free 331 --- E O F --- 2009-08-14 16:44 here is my hijack this log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:15:06 AM, on 8/24/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZuneBusEnum.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\AIM\aim.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 7461 bytes heres the virustotal log of files you told me to upload for analysis... for c:\windows\system32\dllcache\printfilterpipelinesvc.exe here is link... http://www.virustotal.com/analisis/d2a468e...6e8a-1251123555 for c:\windows\system32\tsgqec.dll here is link... http://www.virustotal.com/analisis/96a74a9...39b7-1251126169 for c:\windows\system32\rhttpaa.dll here is link... http://www.virustotal.com/analisis/4e8f792...eb35-1251126260 for c:\windows\system32\aaclient.dll here is link... http://www.virustotal.com/analisis/ffe3c0e...b246-1251126374 also last...is avast! anti-virus any good? i have avg working now and i also have avast! anti-virus installed and working. i was wondering which one i should keep and which is better and which to use since i know keeping two ant-virus working at the same time is not a good idea.
  8. last thing. my spybot search and destroy tea timer is now always detecting a thing that keep trying to change my setting. i always deny it. here is info. Spybot - Search and Destroy has detected an important registry entry that has been changed. Category: System Startup global entry Change: Value Deleted Entry: Alcmtr Old data: ALCMTR.EXE and i picked deney change but it pop up from time to time. what do i do next after all the logs i gave now.
  9. heres a gooredfix report GooredFix by jpshortstuff (03.07.09) Log created at 14:15 on 23/08/2009 (anthony) Firefox version 3.5.2 (en-US) ========== GooredScan ========== C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} [16:00 09/07/2009] {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [04:46 29/09/2008] {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [00:21 29/11/2008] {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [08:07 18/03/2009] {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [09:50 11/04/2009] {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [23:49 09/06/2009] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [06:45 19/05/2009] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:50 11/04/2009] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:32 02/08/2009] "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [15:41 03/08/2009] "avg@igeared"="C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared" [01:47 21/08/2009] -=E.O.F=-
  10. combo fix told me to write this down and we may need it in the future. here you go. C:\windows\system32\drivers\UACuwqoowbivf.sys C:\windows\system32\UACturrtqlten.dll C:\windows\system32\UACqttlpkmsrs.dll C:\windows\system32\UACkyibqjifhl.dat C:\windows\system32\UACdeqrmyvhft.db C:\windows\system32\UACabtlnskukp.dll C:\windows\system32\Uacxlwntpogoe.dll heres a combo fix log. i got it to work somehow with a virus scan that clean up some stuff. not with avg but with avast!...... ComboFix Beta_09-08-18.01 - anthony 08/23/2009 13:49.5.2 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3327.3040 [GMT -5:00] Running from: c:\documents and settings\anthony\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 090823-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\ALLUSE~1\Desktop\avast! Antivirus.lnk c:\docume~1\anthony\LOCALS~1\Temp\_av_inet.tm~a02804\setupeng.exe c:\documents and settings\anthony\Local Settings\temp\_av_inet.tm~a02804\setupeng.exe c:\windows\braviax.exe c:\windows\run.log c:\windows\system32\braviax.exe c:\windows\system32\drivers\UACuwqoowbivf.sys c:\windows\system32\UACabtlnskukp.dll c:\windows\system32\UACdeqrmyvhft.db c:\windows\system32\uacinit.dll c:\windows\system32\UACkyibqjifhl.dat c:\windows\system32\UACqttlpkmsrs.dll c:\windows\system32\UACturrtqlten.dll c:\windows\system32\UACxlwntpogoe.dll Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_UACd.sys -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 ))))))))))))))))))))))))))))))) . 2009-08-23 01:58 . 2009-08-23 01:58 687104 ----a-w- c:\windows\is-BA5Q8.exe 2009-08-23 01:06 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-23 01:06 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-23 01:06 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-23 01:06 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-23 01:06 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-23 01:06 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-23 01:06 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-23 01:06 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-23 01:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-23 01:05 . 2009-08-23 01:05 -------- d-----w- c:\program files\Alwil Software 2009-08-22 22:34 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-22 22:34 . 2009-08-23 01:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-22 22:34 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-20 15:50 . 2009-08-20 15:50 0 ----a-w- c:\documents and settings\anthony\settings.dat 2009-08-19 20:06 . 2009-08-19 20:06 -------- d-----w- c:\documents and settings\anthony\Local Settings\Application Data\AVG Security Toolbar 2009-08-19 19:58 . 2009-08-22 01:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar 2009-08-13 20:12 . 2009-08-13 20:12 -------- d-----w- c:\windows\ServicePackFiles 2009-08-11 07:20 . 2008-10-10 09:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll 2009-08-11 07:20 . 2008-10-10 09:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2009-08-11 07:20 . 2008-10-10 09:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2009-08-11 07:20 . 2009-08-11 07:20 -------- d-----w- c:\windows\Logs 2009-08-03 15:42 . 2009-08-16 01:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-03 15:42 . 2009-08-03 15:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-08-03 15:42 . 2009-08-16 01:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-03 15:42 . 2009-08-16 01:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-03 15:42 . 2009-08-23 18:37 -------- d-----w- c:\windows\system32\drivers\Avg 2009-08-02 19:31 . 2009-08-02 19:31 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-02 19:31 . 2009-08-02 19:31 -------- d-----w- c:\program files\Reference Assemblies 2009-08-02 19:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-02 19:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-02 19:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-02 19:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-02 19:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-02 19:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-02 19:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-02 19:28 . 2009-08-02 19:28 -------- d-----w- c:\program files\MSXML 6.0 2009-08-02 19:24 . 2009-08-22 22:20 -------- d-----w- c:\program files\Windows Desktop Search 2009-08-02 19:24 . 2009-08-02 19:24 -------- d-----w- c:\windows\system32\GroupPolicy 2009-08-02 19:23 . 2009-08-02 19:23 -------- d-----w- c:\program files\Windows Media Connect 2 2009-08-02 19:19 . 2009-08-02 19:19 -------- d-----w- c:\windows\system32\URTTEMP 2009-08-02 19:16 . 2006-11-13 06:02 36352 ------w- c:\windows\system32\tsgqec.dll 2009-08-02 19:16 . 2006-11-13 06:02 288768 ------w- c:\windows\system32\rhttpaa.dll 2009-08-02 19:16 . 2006-11-13 06:02 116736 ------w- c:\windows\system32\aaclient.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-22 22:17 . 2009-04-11 10:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8 2009-08-19 20:30 . 2008-09-06 00:48 -------- d-----w- c:\program files\DAP 2009-08-19 20:18 . 2008-09-06 00:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SpeedBit 2009-08-19 20:17 . 2008-09-06 00:48 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP 2009-08-19 20:16 . 2008-09-08 04:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-19 19:19 . 2008-09-05 19:10 75032 ----a-w- c:\documents and settings\anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-19 19:05 . 2008-11-04 02:20 -------- d-----w- c:\documents and settings\anthony\Application Data\uTorrent 2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-02 19:31 . 2009-01-19 23:36 -------- d-----w- c:\program files\MSBuild 2009-08-01 08:14 . 2009-05-19 02:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-15 17:40 . 2008-11-30 06:55 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-15 17:40 . 2008-11-30 06:09 189480 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-07-15 17:38 . 2009-07-15 17:38 139152 ----a-w- c:\documents and settings\anthony\Application Data\PnkBstrK.sys 2009-07-15 17:38 . 2009-07-15 17:38 139152 ----a-w- c:\documents and settings\anthony\Application Data\PnkBstrK.sys 2009-07-15 17:38 . 2009-07-15 17:14 794408 ----a-w- c:\windows\system32\pbsvc.exe 2009-07-15 17:38 . 2008-11-30 05:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 04:34 . 2008-11-27 02:36 -------- d-----w- c:\documents and settings\anthony\Application Data\Skype 2009-07-09 04:32 . 2008-11-27 02:38 -------- d-----w- c:\documents and settings\anthony\Application Data\skypePM 2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 15:37 . 2008-10-27 01:04 -------- d-----w- c:\program files\vghd 2009-06-25 15:36 . 2008-10-27 01:04 5 ----a-w- c:\windows\sbacknt.bin 2009-06-25 08:44 . 2004-08-04 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:44 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:44 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:44 . 2004-08-04 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:44 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:44 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 04:55 . 2008-10-27 01:04 152904 ----a-w- c:\windows\system32\vghd.scr 2009-06-25 04:53 . 2008-10-27 01:25 -------- d--h--w- c:\documents and settings\anthony\Application Data\vghd 2009-06-22 11:34 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-21 02:27 . 2009-06-21 02:27 390664 ----a-w- c:\documents and settings\anthony\Application Data\Real\RealPlayer\Update\realplayer11gold.exe 2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 02:44 . 2009-06-15 02:44 10134 ----a-r- c:\documents and settings\anthony\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-09 23:49 . 2009-06-09 23:49 152576 ----a-w- c:\documents and settings\anthony\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-09 15:06 . 2008-09-05 15:34 1871872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-19 198160] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760] c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-5 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-16 01:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^anthony^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK] path=c:\documents and settings\anthony\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZuneNetworkSvc"=3 (0x3) "VideoAcceleratorService"=2 (0x2) "SvcOnlineArmor"=2 (0x2) "odserv"=3 (0x3) "OAcat"=2 (0x2) "Microsoft Office Groove Audit Service"=3 (0x3) "MDM"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\zombie panic! source\\hl2.exe"= "c:\\Program Files\\VentSrv\\ventrilo_srv.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Program Files\\steamapps\\common\\dawn of war soulstorm demo\\Soulstorm.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AIM\\aim.exe"= "d:\\Program Files\\steamapps\\common\\lumines\\lumines.exe"= "d:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\team fortress 2\\hl2.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\counter-strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\Program Files\\steamapps\\aznl2iceboi5o4\\half-life 2 deathmatch\\hl2.exe"= "d:\\Program Files\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/22/2009 8:06 PM 114768] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/3/2009 10:42 AM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/3/2009 10:42 AM 108552] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/18/2009 4:58 AM 13696] R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [1/6/2009 1:25 PM 15488] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/22/2009 8:06 PM 20560] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/3/2009 10:41 AM 297752] R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [9/5/2008 7:51 PM 35584] S2 ulbaliz;ulbaliz;c:\windows\system32\drivers\tkrrz.sys --> c:\windows\system32\drivers\tkrrz.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/22/2009 5:34 PM 38160] S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-*{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file) Notify-cscdll - (no file) Notify-LBTWlgn - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html FF - ProfilePath - c:\docume~1\anthony\APPLIC~1\Mozilla\Firefox\Profiles\eo5xqksd.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-23 13:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2888) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\ZuneBusEnum.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe c:\program files\AVG\AVG8\avgui.exe . ************************************************************************** . Completion time: 2009-08-23 13:56 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-23 18:56 ComboFix2.txt 2009-07-09 16:58 Pre-Run: 39,976,849,408 bytes free Post-Run: 40,159,604,736 bytes free 338 --- E O F --- 2009-08-14 16:44 and heres a hijack this log. i was able in install it in my second hard drive. D but was able to install in C but it wouldnt run. it says the error that the access point is deleted or not found like i had before. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:05:04 PM, on 8/23/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZuneBusEnum.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\AIM\aim.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 7515 bytes want me to check and fix anything on here? and heres a quick scan with malwarebytes(not a full scan, tell me if i need to when u read all this) Malwarebytes' Anti-Malware 1.40 Database version: 2684 Windows 5.1.2600 Service Pack 2 8/23/2009 2:12:07 PM mbam-log-2009-08-23 (14-12-07).txt Scan type: Quick Scan Objects scanned: 99250 Time elapsed: 2 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 4 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully. and i picked remove all and told me to restart. also avg resident shield is still off even when i say to turn it on, so avg is still bugged. Also on firefox i still get redirected on my search engine. when i type espn and click the espn homepage on google search. it redirect me to somewhere way different.
  11. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished! thats all i got just now in normal mode...
  12. in safe or normal mode?