
Solved Possible malware problem (from fake codec)

Discussion in 'Malware and Virus Removal Archive' started by andre123, 2009/06/20.

  1. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    [Resolved] Possible malware problem (from fake codec)

    Trying to fix my mate's laptop after he installed fake codecs. Any app he downloaded and tried to install would freeze.

    Reading through your threads I read to try and rename the .exe. This fixed the loading problem; logs are below.

    Thanks in advance for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:32:33 AM, on 21/06/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\PowerForPhone\PowerForPhone.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files\Infineon\Security Platform Software\SpTna.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Users\Andre\Desktop\HiJackThis\domma123.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
    O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "C:\Users\Andre\Desktop\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF80CCC-E505-4EC6-A9D3-09D42E9A990B}: NameServer = 85.255.112.228,85.255.112.93
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A37DACE-8965-4FBE-AA10-2ED00D86465D}: NameServer = 85.255.112.228,85.255.112.93
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1E71665-50A8-43EF-BD92-CB3EF7F08060}: NameServer = 85.255.112.228,85.255.112.93
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.228,85.255.112.93
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.228,85.255.112.93
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.228,85.255.112.93
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.228,85.255.112.93
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

    --
    End of file - 11400 bytes
     
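The security-relevant detail in the HijackThis log above is the run of O17 lines: the TCP/IP NameServer value on every adapter GUID and in every ControlSet (CCS, CS2, CS3, CS4) is set to the same pair, 85.255.112.228,85.255.112.93, rather than a LAN router or ISP resolver. A silent DNS-resolver override of exactly this shape is the classic payload of fake-codec installers. The Python script below is an added example, not part of this thread or of HijackThis/DDS: it parses O17 entries out of a log and reports every resolver that falls outside ranges the responder expects. The expected ranges (RFC 1918 private networks, standing in for a home router) are an assumption, and the trailing 192.168.1.1 line in the sample is constructed as a benign contrast; the other sample lines are copied from the log above.

```python
"""Parse HijackThis O17 (TCP/IP NameServer) entries and flag resolver overrides
that are outside the ranges a responder expects on this host."""
import re
from ipaddress import ip_address, ip_network

# Constructed sample input: the O17 lines with 85.255.112.x are copied from the
# HijackThis log posted above; the final 192.168.1.1 line is constructed as a
# benign contrast so the report shows both outcomes.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF80CCC-E505-4EC6-A9D3-09D42E9A990B}: NameServer = 85.255.112.228,85.255.112.93
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.228,85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# Assumed expected resolver ranges: a home or small-office host normally points
# at its LAN router. Anything else is surfaced for a human to compare against
# the ISP's published resolvers.
EXPECTED_RESOLVER_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# O17 line shape: "O17 - <registry key>: NameServer = <ip>[,<ip>...]"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$")


def parse_o17(log_text):
    """Return one dict per O17 line: the registry key and its resolver list."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        entries.append({"key": m.group("key"), "servers": servers})
    return entries


def is_expected(server, nets=EXPECTED_RESOLVER_NETS):
    """True if the value parses as an IP address inside an expected range.

    A hostname, an empty string or garbage is never 'expected': a NameServer
    value that is not a plain IP is itself worth a look.
    """
    try:
        addr = ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def flag_resolvers(entries, nets=EXPECTED_RESOLVER_NETS):
    """Return (registry key, server) pairs whose resolver is outside the expected ranges."""
    return [(e["key"], s) for e in entries for s in e["servers"] if not is_expected(s, nets)]


def summarize(log_text, nets=EXPECTED_RESOLVER_NETS):
    """Parse a whole log and return counts plus the flagged entries."""
    entries = parse_o17(log_text)
    flagged = flag_resolvers(entries, nets)
    return {
        "o17_entries": len(entries),
        "flagged": flagged,
        "distinct_unexpected": sorted({s for _, s in flagged}),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['o17_entries']} O17 entries; unexpected resolvers: "
          f"{report['distinct_unexpected']}")
    for key, server in report["flagged"]:
        print(f"  {key} -> {server}")
```

On a real log the useful signal is not just that a resolver is unexpected but that the same unexpected pair appears under every adapter GUID and every ControlSet backup: that uniformity means a reinstall of the network adapter or a "last known good" boot will not clear it, so the responder has to reset each key (or let the ISP/DHCP value repopulate) after the dropper is gone.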
  2. 2009/06/20
    PeteC

    PeteC SuperGeek Staff

    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread. A straightforward HJT log is not what is required.
     
  4. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Sorry, I do apologise. I did go to the thread, but when I downloaded the DDS I got the one named dds.scr, which did not work. I noticed the other link was dds.com, which worked.


    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Andre at 6:04:13.84 on Sun 21/06/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.2046.820 [GMT 10:00]

    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k Cognizance
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\ifxspmgt.exe
    C:\Windows\system32\ifxtcs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Windows\system32\IfxPsdSv.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkCSrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\ASScrPro.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATK Hotkey\KBFiltr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\ifxuagui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files\Infineon\Security Platform Software\SpTna.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\maized.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Andre\Desktop\dds.com
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mDefault_Page_URL = hxxp://www.asus.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe "
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [Steam] "c:\users\andre\desktop\steam\Steam.exe" -silent
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PowerForPhone] c:\program files\powerforphone\PowerForPhone.exe
    mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
    mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
    mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe "
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    AppInit_DLLs: c:\windows\system32\APSHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli ASWLNPkg

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\andre\appdata\roaming\mozilla\firefox\profiles\acgmkil8.default\
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ============= SERVICES / DRIVERS ===============

    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-6-14 208896]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-19 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-20 28544]
    R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-17 23496]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
    R2 altio;altio;c:\windows\system32\altio.sys [2004-5-26 3200]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-6-22 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-6-22 21504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 951632]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2008-6-14 24576]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01v32.sys [2008-6-14 48128]
    R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2008-6-14 299904]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-21 38160]
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2008-6-14 1260672]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-7 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    SUnknown GETPADD;GETPADD; [x]

    =============== Created Last 30 ================

    2009-06-21 05:43 <DIR> --ds---- C:\worksnow
    2009-06-21 05:43 318,976 a------- c:\windows\system32\CF5048.exe
    2009-06-21 04:47 <DIR> --ds---- C:\mobofix
    2009-06-21 04:43 <DIR> --d----- c:\users\andre\appdata\roaming\Malwarebytes
    2009-06-21 02:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-21 02:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-06-21 02:25 <DIR> --d----- c:\programdata\Malwarebytes
    2009-06-21 02:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-06-21 02:25 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-06-21 02:04 <DIR> --d----- C:\!KillBox
    2009-06-20 15:07 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-06-20 14:54 <DIR> --d----- c:\program files\Panda Security
    2009-06-20 12:32 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
    2009-06-20 12:32 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
    2009-06-20 12:32 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-06-20 12:32 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-06-20 12:30 <DIR> --d----- c:\programdata\Kaspersky Lab
    2009-06-20 12:30 <DIR> --d----- c:\program files\Kaspersky Lab
    2009-06-20 12:30 <DIR> --d----- c:\progra~2\Kaspersky Lab
    2009-06-20 12:27 <DIR> --d----- c:\program files\Kaspersky Anti-Virus 2009
    2009-06-20 00:33 <DIR> --d----- c:\users\andre\.housecall6.6
    2009-06-20 00:12 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-06-19 22:06 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-06-19 22:06 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-19 22:06 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-19 22:06 <DIR> --d----- c:\programdata\Lavasoft
    2009-06-19 22:06 <DIR> --d----- c:\program files\Lavasoft
    2009-06-18 20:07 <DIR> --d----- c:\users\andre\appdata\roaming\Intel
    2009-06-15 16:21 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
    2009-06-15 16:21 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
    2009-06-08 18:30 377,683,174 a------- c:\windows\MEMORY.DMP
    2009-06-08 18:22 <DIR> --d----- c:\program files\common files\DivX Shared
    2009-06-08 14:47 <DIR> --d----- c:\windows\system32\appmgmt
    2009-06-07 16:23 <DIR> --d----- c:\users\andre\Tracing
    2009-06-07 16:22 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
    2009-06-07 16:21 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
    2009-06-07 16:17 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
    2009-06-07 16:15 <DIR> --d----- c:\program files\Microsoft
    2009-06-07 16:15 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-06-07 16:09 <DIR> --d----- c:\program files\common files\Windows Live

    ==================== Find3M ====================

    2009-06-21 04:55 45,056 a------- c:\windows\system32\acovcnt.exe
    2009-06-21 04:51 1,660 a------- c:\windows\bthservsdp.dat
    2009-06-21 01:48 143,360 a------- c:\windows\inf\infstrng.dat
    2009-06-21 01:48 86,016 a------- c:\windows\inf\infstor.dat
    2009-06-21 01:48 51,200 a------- c:\windows\inf\infpub.dat
    2009-06-19 22:03 391,616 a------- c:\windows\system32\perfh011.dat
    2009-06-19 22:03 346,378 a------- c:\windows\system32\prfh0404.dat
    2009-06-19 22:03 335,570 a------- c:\windows\system32\prfh0804.dat
    2009-06-19 22:03 110,386 a------- c:\windows\system32\perfc011.dat
    2009-06-19 22:03 110,224 a------- c:\windows\system32\prfc0404.dat
    2009-06-19 22:03 110,218 a------- c:\windows\system32\prfc0804.dat
    2009-06-08 03:08 41,335 a------- c:\users\andre\appdata\roaming\nvModes.dat
    2009-05-02 07:02 90,112 a------- c:\windows\system32\dpl100.dll
    2009-05-02 07:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
    2009-05-02 07:02 823,296 a------- c:\windows\system32\divx_xx07.dll
    2009-05-02 07:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
    2009-05-02 07:02 811,008 a------- c:\windows\system32\divx_xx16.dll
    2009-05-02 07:02 802,816 a------- c:\windows\system32\divx_xx11.dll
    2009-05-02 07:02 685,056 a------- c:\windows\system32\DivX.dll
    2009-03-23 12:49 2,113,536 a------- c:\windows\system32\mppython.dll
    2009-03-23 12:44 81,920 a------- c:\windows\system32\MPMapTrace.dll
    2009-03-23 12:09 364,544 a------- c:\windows\system32\mpPathan.dll
    2009-03-23 12:08 1,753,088 a------- c:\windows\system32\mpxerces-c_2_7.dll
    2008-06-22 10:10 174 a--sh--- c:\program files\desktop.ini
    2008-06-22 09:58 665,600 a------- c:\windows\inf\drvindex.dat
    2008-06-14 19:29 22,328 a------- c:\users\andre\appdata\roaming\PnkBstrK.sys
    2007-06-22 19:39 109,926 a------- c:\windows\inf\perflib\0804\perfi.dat
    2007-06-22 19:39 109,926 a------- c:\windows\inf\perflib\0804\perfh.dat
    2007-06-22 19:39 30,674 a------- c:\windows\inf\perflib\0804\perfd.dat
    2007-06-22 19:39 30,674 a------- c:\windows\inf\perflib\0804\perfc.dat
    2007-06-22 19:26 139,030 a------- c:\windows\inf\perflib\0411\perfi.dat
    2007-06-22 19:26 139,030 a------- c:\windows\inf\perflib\0411\perfh.dat
    2007-06-22 19:26 30,674 a------- c:\windows\inf\perflib\0411\perfd.dat
    2007-06-22 19:26 30,674 a------- c:\windows\inf\perflib\0411\perfc.dat
    2007-06-22 19:19 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
    2007-06-22 19:19 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
    2007-06-22 19:19 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
    2007-06-22 19:19 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
    2006-11-02 22:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 22:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 22:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 22:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2008-09-12 08:49 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2008-09-12 08:49 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2008-09-12 08:49 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 6:04:34.91 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 14/06/2008 10:01:15 AM
    System Uptime: 21/06/2009 4:56:42 AM (2 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | F3Sv
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Socket 478 | 2201/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 43.215 GiB free.
    D: is FIXED (NTFS) - 68 GiB total, 23.262 GiB free.
    E: is CDROM (UDF)
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000A\7&19A3A93E&0&0018C54D9721_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000A\7&19A3A93E&0&0018C54D9721_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000A\7&19A3A93E&0&0018C54D9721_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000A\7&19A3A93E&0&0018C54D9721_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000A\7&19A3A93E&0&0018C54D9721_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000A\7&19A3A93E&0&0018C54D9721_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000A\7&19A3A93E&0&001A8A539974_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000A\7&19A3A93E&0&001A8A539974_C00000000
    Service:

    Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
    Description: Communications Port
    Device ID: ROOT\PORTS\0000
    Manufacturer: (Standard port types)
    Name: Communications Port (COM8)
    PNP Device ID: ROOT\PORTS\0000
    Service: Serial

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    AAC Decoder
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11
    Altium Designer 6
    Altium Designer 6 Library Updates (6.3.0.6641 to 6.4.0.7263)
    Altium Designer 6 Updates (6.5.0.7356 to 6.6.0.7903)
    Apple Mobile Device Support
    Apple Software Update
    ASUS InstantFun
    ASUS Live Update
    ASUS Security Protect Manager
    ASUS Splendid Video Enhancement Technology
    Asus_Camera_ScreenSaver
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    Attansic Ethernet Utility
    AuthenTec Fingerprint Sensor Minimum Install
    AutoCAD LT 2009 - English
    AutoUpdate
    AVerMedia A301 (MiniCard, NTSC/PAL/SECAM/DVB-T/FM) 1.3.0.66
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Choice Guard
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    FMS
    GameArena The Arena
    H.264 Decoder
    Highlight Viewer (Windows Live Toolbar)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Icy Tower v1.3.1
    Infineon TPM Professional Package
    Intel(R) PROSet/Wireless Software
    Intel® Turbo Memory and Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Junk Mail filter update
    LifeFrame2
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    mMHouse
    MobileMe Control Panel
    Mozilla Firefox (3.0.8)
    mPfMgr
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Nero 8
    neroxml
    NVIDIA Drivers
    OGA Notifier 1.7.0105.35.0
    Opera 9.50
    Panda ActiveScan 2.0
    Power4Gear eXtreme
    PowerForPhone
    QuickTime
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Safari
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Smart Menus (Windows Live Toolbar)
    Steam
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    USB2.0 1.3M WebCam
    VC80CRTRedist - 8.0.50727.762
    VCRedistSetup
    Ventrilo Client
    VistaFeaturePack
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Warcraft III
    Warcraft III: All Products
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    WinZip 12.0
    Wireless Console 2
    World of Warcraft

    ==== End Of File ===========================
     
  5. 2009/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're infected with DNS Hijacker (at least).

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4.
    Post fresh HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    All that bold text can't be good :p I'm currently downloading the apps you mentioned. Would you like a log after each scan, waiting for you to confirm before scanning with the next app, or should I just do your whole list and post all logs at once?

    Also, I plugged my iPhone into my mate's (this) laptop; can there be a problem?

    Once again, thanks.
     
  7. 2009/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It doesn't matter to me...

    To transfer files?
     
  8. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    Yeah, I did transfer some files from my iPhone to his laptop and vice versa.
     
  9. 2009/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You should be OK.
     
  10. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/21/2009 at 09:23 AM

    Application Version : 4.26.1004

    Core Rules Database Version : 3949
    Trace Rules Database Version: 1891

    Scan type : Complete Scan
    Total Scan Time : 01:55:53

    Memory items scanned : 300
    Memory threats detected : 0
    Registry items scanned : 8870
    Registry threats detected : 0
    File items scanned : 184066
    File threats detected : 1

    Trace.Known Threat Sources
    C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6OZJEGZ3\adwarealert.com[1].jpg


    Malwarebytes' Anti-Malware is currently running now; I will update when it's finished.

    cheers
     
  11. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.38
    Database version: 2317
    Windows 6.0.6001 Service Pack 1

    21/06/2009 11:18:53 AM
    mbam-log-2009-06-21 (11-18-53).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 291150
    Time elapsed: 1 hour(s), 14 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 17
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ef80ccc-e505-4ec6-a9d3-09d42e9a990b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4a37dace-8965-4fbe-aa10-2ed00d86465d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e1e71665-50a8-43ef-bd92-cb3ef7f08060}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1ef80ccc-e505-4ec6-a9d3-09d42e9a990b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4a37dace-8965-4fbe-aa10-2ed00d86465d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e1e71665-50a8-43ef-bd92-cb3ef7f08060}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1ef80ccc-e505-4ec6-a9d3-09d42e9a990b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4a37dace-8965-4fbe-aa10-2ed00d86465d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e1e71665-50a8-43ef-bd92-cb3ef7f08060}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e1e71665-50a8-43ef-bd92-cb3ef7f08060}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{1ef80ccc-e505-4ec6-a9d3-09d42e9a990b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{4a37dace-8965-4fbe-aa10-2ed00d86465d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{e1e71665-50a8-43ef-bd92-cb3ef7f08060}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.228,85.255.112.93 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
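The Malwarebytes log above shows where Trojan.DNSChanger plants its rogue servers: the global Tcpip\Parameters\NameServer value and the per-interface NameServer (and once DhcpNameServer) values, in ControlSet002/003/004 as well as CurrentControlSet. The following PowerShell audit is an added example, not code from this thread or from any of the tools it mentions; it walks exactly those locations in every ControlSet and flags anything that matches the two addresses quoted in the log, that is not on an expected list, or that is a static DNS override on a DHCP-configured interface. The function names, the -Expected parameter and the object layout are illustrative assumptions.

```powershell
# Added example (not from the thread): audit the registry values the
# Malwarebytes log shows Trojan.DNSChanger rewriting, in every ControlSet,
# so a stale control set cannot re-introduce the rogue servers.
# Run from an elevated PowerShell prompt. $KnownBad holds the two addresses
# quoted in the log; everything else here is an illustrative assumption.

$KnownBad = @('85.255.112.228', '85.255.112.93')

function Get-DnsServerEntries {
    # One object per NameServer / DhcpNameServer value found under
    # Services\Tcpip\Parameters or Parameters\Interfaces\{GUID} in any ControlSet.
    $sets = Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet*' }
    foreach ($set in $sets) {
        $params = "Registry::$($set.Name)\Services\Tcpip\Parameters"
        if (-not (Test-Path $params)) { continue }
        $keys = @(Get-Item $params)
        if (Test-Path "$params\Interfaces") { $keys += Get-ChildItem "$params\Interfaces" }
        foreach ($key in $keys) {
            $props = Get-ItemProperty -Path "Registry::$($key.Name)"
            foreach ($name in 'NameServer', 'DhcpNameServer') {
                $value = $props.$name
                if ([string]::IsNullOrEmpty($value)) { continue }
                New-Object PSObject -Property @{
                    ControlSet = $set.PSChildName
                    Key        = $key.Name -replace '^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\', ''
                    ValueName  = $name
                    # Windows stores the list space- or comma-separated
                    Servers    = @($value -split '[ ,]+' | Where-Object { $_ })
                    DhcpOn     = ($props.EnableDHCP -eq 1)
                }
            }
        }
    }
}

function Test-DnsServerEntries {
    # -Expected (assumption): the DNS servers your ISP or router should hand out.
    param([string[]]$Expected = @())
    foreach ($e in Get-DnsServerEntries) {
        $reasons = @()
        if ($e.Servers | Where-Object { $KnownBad -contains $_ }) {
            $reasons += 'known DNSChanger server'
        }
        if ($Expected.Count -gt 0 -and ($e.Servers | Where-Object { $Expected -notcontains $_ })) {
            $reasons += 'not in expected list'
        }
        # DNSChanger writes a static NameServer on an interface that is otherwise
        # on DHCP, so the rogue servers override whatever the router hands out.
        if ($e.ValueName -eq 'NameServer' -and $e.DhcpOn -and $e.Key -like '*\Interfaces\*') {
            $reasons += 'static DNS on DHCP interface'
        }
        $e | Add-Member -MemberType NoteProperty -Name Verdict `
            -Value $(if ($reasons) { $reasons -join '; ' } else { 'ok' }) -PassThru
    }
}

# Review every entry; anything other than 'ok' deserves a look.
Test-DnsServerEntries |
    Format-Table ControlSet, Key, ValueName, @{n='Servers'; e={ $_.Servers -join ',' }}, Verdict -AutoSize
```

Pass your router's or ISP's resolvers as `Test-DnsServerEntries -Expected '192.0.2.1'` (constructed placeholder) to also catch servers that are not on the known-bad list but were never configured by you.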
     
  12. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-21 11:48:13
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.15 ----

    INT 0x52 ? 881C8BF8
    INT 0x62 ? 881C8BF8
    INT 0x72 ? 881C8BF8
    INT 0x72 ? 881C8BF8
    INT 0x92 ? 85622BF8
    INT 0x93 ? 881C8BF8
    INT 0xA2 ? 85621BF8
    INT 0xB2 ? 8485EBF8

    Code 9076A360 ZwEnumerateKey
    Code 907DF858 ZwFlushInstructionCache
    Code 907F5BED IofCallDriver
    Code 9077F346 IofCompleteRequest

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!IofCompleteRequest 8263BFE2 5 Bytes JMP 9077F34B
    .text ntkrnlpa.exe!IofCallDriver 826BDF6F 5 Bytes JMP 907F5BF2
    PAGE ntkrnlpa.exe!ZwFlushInstructionCache 827B430B 5 Bytes JMP 907DF85C
    PAGE ntkrnlpa.exe!ZwEnumerateKey 82809BA2 5 Bytes JMP 9076A364
    ? System32\Drivers\spbb.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8D9B846F 5 Bytes JMP 881C81D8

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [886946D2] \SystemRoot\System32\Drivers\spbb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88694040] \SystemRoot\System32\Drivers\spbb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [886947FC] \SystemRoot\System32\Drivers\spbb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [886940BE] \SystemRoot\System32\Drivers\spbb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8869413C] \SystemRoot\System32\Drivers\spbb.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [886A4048] \SystemRoot\System32\Drivers\spbb.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 856251F8
    Device \FileSystem\fastfat \FatCdrom 90F5A1F8
    Device \FileSystem\udfs \UdfsCdRom 87FBF1F8
    Device \FileSystem\udfs \UdfsDisk 87FBF1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{4A37DACE-8965-4FBE-AA10-2ED00D86465D} 907F8500

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    ---- Processes - GMER 1.0.15 ----

    Library \\?\globalroot\systemroot\system32\gxvxcsocxrtqdqufevwmbtdwlnmxxmrbsxhyr.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [852] 0x10000000

    ---- Services - GMER 1.0.15 ----

    Service C:\Windows\system32\drivers\gxvxccbdpvehbsyevnxqopoovtprvddkempjn.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  13. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:58:27 AM, on 21/06/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\PowerForPhone\PowerForPhone.exe
    C:\Windows\ASScrPro.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files\Infineon\Security Platform Software\SpTna.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Andre\Desktop\HiJackThis\domma123.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
    O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "C:\Users\Andre\Desktop\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

    --
    End of file - 10396 bytes




    Just to confirm: since this scan I haven't run, nor will I run, any other cleaning tool till I hear from you. Cheers
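As an added example, not a tool from this thread or from HijackThis itself: a small triage pass over the O4, O20 and O23 lines of the log above, flagging the entries an analyst looks at first (autostarts outside protected directories, AppInit_DLLs and Winlogon Notify hooks, services with no company name). The trusted-location roots and the environment-variable table are assumptions for illustration, and the sample lines are copied from the log posted above.

```python
"""Triage of HijackThis 2.x O4/O20/O23 lines (added example, not part of the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input, constructed for this example from entries in the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Users\Andre\Desktop\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# First executable-looking token of an unquoted command line (paths may contain spaces).
EXE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

# Assumptions for illustration: roots a standard user cannot write to, and the
# environment variables HijackThis leaves unexpanded in O4 lines.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")
ENV_VARS = {"%programfiles%": r"c:\program files", "%systemroot%": r"c:\windows", "%windir%": r"c:\windows"}


@dataclass(frozen=True)
class Finding:
    section: str   # O4, O20 or O23
    subject: str   # autostart name, DLL, or service name
    path: str
    severity: str  # "high" or "review"
    reason: str


def executable_path(cmd: str) -> str:
    """Return the lower-cased, env-expanded program path from an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        m = EXE_RE.match(cmd)
        path = m["path"] if m else cmd.split(" ", 1)[0]
    path = path.strip().lower()
    for var, value in ENV_VARS.items():
        path = path.replace(var, value)
    return path


def triage(log_text: str) -> list[Finding]:
    """Scan a HijackThis log and return the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            path = executable_path(m["cmd"])
            if "\\" not in path:
                # A bare file name is located through the PATH search order, so it
                # is worth confirming which binary actually gets loaded.
                findings.append(Finding("O4", m["name"], path, "review",
                                        "bare file name resolved through PATH"))
            elif not path.startswith(TRUSTED_ROOTS):
                findings.append(Finding("O4", m["name"], path, "high",
                                        "autostart runs from a user-writable location"))
        elif m := O20_RE.match(line):
            if m["kind"] == "AppInit_DLLs":
                # Every DLL listed here is mapped into each process that loads
                # user32.dll, which is why both legitimate hooks (APSHook above)
                # and malware use this key; each one needs its publisher checked.
                for dll in m["rest"].split():
                    findings.append(Finding("O20", "AppInit_DLLs", dll.lower(), "high",
                                            "DLL injected into every user32 process"))
            else:
                name, _, path = m["rest"].partition(" - ")
                findings.append(Finding("O20", name.strip(), path.strip().lower(), "review",
                                        "DLL loaded into winlogon.exe at logon"))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                # No company name in the version resource: verify the signature/hash.
                findings.append(Finding("O23", m["name"], m["path"].strip().lower(), "review",
                                        "service binary has no company name"))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.subject}: {f.path} ({f.reason})")
```

On the sample above this flags the Steam autostart under the user's Desktop, the AppInit_DLLs hook, the Winlogon Notify DLL and the two services with no company name; a flag means "verify", not "malicious".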
     
  14. 2009/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     
  15. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    Having trouble running Combofix; it says Norton is still running, but I can't see it in my Add/Remove Programs nor under Processes.

    Also, my Internet speed has dramatically dropped; I can't even access the website. I had to jump on my iPhone to write this reply.
     
  16. 2009/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disregard Norton warning, run Combofix. You have a rootkit, and Combofix should take care of it.
     
  17. 2009/06/20
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    I ran Combofix and, after clicking 'OK' to both warnings, it disappeared. Is this correct? Also, this laptop/Internet connection is really bad; it's been 15 mins trying to load the website so I can send you the hijackthis.log.

    Any suggestions?
     
  18. 2009/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete downloaded Combofix file.
    I'll PM you with instructions on what to do.
     
  19. 2009/06/21
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    ComboFix 09-06-20.04 - Andre 22/06/2009 9:52.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.2046.1086 [GMT 10:00]
    Running from: c:\tools-av\3978\3978.exe
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2284991726-2962262229-3819078199-500
    c:\recycler\S-1-5-21-1220945662-287218729-725345543-1003
    c:\$recycle.bin\S-1-5-21-2284991726-2962262229-3819078199-500\desktop.ini
    c:\recycler\S-1-5-21-1220945662-287218729-725345543-1003\desktop.ini
    c:\recycler\S-1-5-21-1220945662-287218729-725345543-1003\INFO2
    c:\windows\system32\acovcnt.exe
    c:\windows\system32\gxvxccount

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gxvxcserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
    .

    2009-06-22 00:05 . 2009-06-22 00:14 -------- d-----w- c:\users\Andre\AppData\Local\temp
    2009-06-21 08:08 . 2009-06-21 23:17 -------- d--h--w- C:\$AVG8.VAULT$
    2009-06-21 07:01 . 2009-06-21 07:01 -------- d-----w- c:\users\Andre\AppData\Local\AVG Security Toolbar
    2009-06-21 07:00 . 2009-06-21 07:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-06-21 07:00 . 2009-06-21 07:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-06-21 07:00 . 2009-06-21 07:00 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-21 07:00 . 2009-06-21 23:03 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-06-21 07:00 . 2009-06-21 07:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-21 06:59 . 2009-06-21 06:59 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-06-21 06:59 . 2009-06-21 06:59 -------- d-----w- c:\program files\AVG
    2009-06-21 06:59 . 2009-06-21 06:59 -------- d-----w- c:\programdata\avg8
    2009-06-21 05:54 . 2009-06-21 23:23 -------- d-----w- C:\Tools-AV
    2009-06-20 21:04 . 2009-06-21 05:46 117760 ----a-w- c:\users\Andre\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-20 20:51 . 2009-06-20 20:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-06-20 20:51 . 2009-06-20 20:51 -------- d-----w- c:\users\Andre\AppData\Roaming\SUPERAntiSpyware.com
    2009-06-20 20:51 . 2009-06-20 20:51 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-20 18:47 . 2009-06-20 18:47 -------- d-s---w- C:\mobofix
    2009-06-20 18:43 . 2009-06-20 18:43 -------- d-----w- c:\users\Andre\AppData\Roaming\Malwarebytes
    2009-06-20 16:25 . 2009-06-17 01:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-20 16:25 . 2009-06-20 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-20 16:25 . 2009-06-20 16:25 -------- d-----w- c:\programdata\Malwarebytes
    2009-06-20 16:25 . 2009-06-17 01:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-20 05:07 . 2008-06-19 07:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-06-20 04:54 . 2009-06-20 04:54 -------- d-----w- c:\program files\Panda Security
    2009-06-20 02:32 . 2009-06-20 21:08 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-06-20 02:32 . 2009-06-20 21:08 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-06-20 02:27 . 2009-06-20 02:27 -------- d-----w- c:\program files\Kaspersky Anti-Virus 2009
    2009-06-19 14:33 . 2009-06-19 14:40 -------- d-----w- c:\users\Andre\.housecall6.6
    2009-06-19 14:12 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-19 14:12 . 2009-06-19 14:12 685060 ----a-w- c:\programdata\Lavasoft\Ad-Aware\ThreatWork\Submit\DivX.dll
    2009-06-19 12:06 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-19 12:06 . 2009-06-19 12:06 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-19 12:06 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-19 12:06 . 2009-06-19 12:06 -------- d-----w- c:\programdata\Lavasoft
    2009-06-19 12:06 . 2009-06-19 12:06 -------- d-----w- c:\program files\Lavasoft
    2009-06-19 12:02 . 2009-06-19 12:02 -------- d-----w- c:\users\Andre\AppData\Local\Mozilla
    2009-06-18 10:07 . 2009-06-18 10:07 -------- d-----w- c:\users\Andre\AppData\Roaming\Intel
    2009-06-15 06:21 . 2009-06-15 06:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-06-08 08:22 . 2009-06-08 08:22 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-06-07 06:23 . 2009-06-21 23:41 -------- d-----w- c:\users\Andre\Tracing
    2009-06-07 06:22 . 2009-06-08 08:30 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-06-07 06:22 . 2009-06-07 06:22 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-06-07 06:21 . 2009-02-06 08:08 55280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2009-06-07 06:20 . 2009-06-07 06:20 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-06-07 06:17 . 2009-06-07 06:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-06-07 06:15 . 2009-06-07 06:22 -------- d-----w- c:\program files\Microsoft
    2009-06-07 06:15 . 2009-06-07 06:15 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-06-07 06:09 . 2009-06-07 06:09 -------- d-----w- c:\program files\Common Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-22 00:11 . 2008-06-14 00:10 1660 ----a-w- c:\windows\bthservsdp.dat
    2009-06-20 21:09 . 2008-07-25 11:18 -------- d-----w- c:\program files\Vuze
    2009-06-20 21:08 . 2009-06-20 02:32 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-06-20 21:08 . 2009-06-20 02:32 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-06-20 20:50 . 2008-06-14 17:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-20 15:50 . 2008-06-14 00:27 -------- d-----w- c:\program files\ASUS
    2009-06-20 15:50 . 2008-06-14 00:15 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-20 15:47 . 2008-06-14 00:41 -------- d-----w- c:\program files\AVerMedia
    2009-06-20 00:44 . 2008-07-25 11:20 -------- d-----w- c:\users\Andre\AppData\Roaming\Azureus
    2009-06-19 12:03 . 2007-06-22 09:41 335570 ----a-w- c:\windows\system32\prfh0804.dat
    2009-06-19 12:03 . 2007-06-22 09:41 110218 ----a-w- c:\windows\system32\prfc0804.dat
    2009-06-19 12:03 . 2007-06-22 09:30 391616 ----a-w- c:\windows\system32\perfh011.dat
    2009-06-19 12:03 . 2007-06-22 09:30 110386 ----a-w- c:\windows\system32\perfc011.dat
    2009-06-19 12:03 . 2007-06-22 09:20 346378 ----a-w- c:\windows\system32\prfh0404.dat
    2009-06-19 12:03 . 2007-06-22 09:20 110224 ----a-w- c:\windows\system32\prfc0404.dat
    2009-06-15 06:15 . 2008-10-11 12:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-06-08 08:22 . 2008-06-28 05:26 -------- d-----w- c:\program files\DivX
    2009-06-08 05:37 . 2009-01-25 10:06 -------- d-----w- c:\users\Andre\AppData\Roaming\AltiumDesigner6
    2009-06-08 00:51 . 2008-12-27 23:09 -------- d-----w- c:\users\Andre\AppData\Roaming\FrostWire
    2009-06-07 17:08 . 2008-06-14 09:47 41335 ----a-w- c:\users\Andre\AppData\Roaming\nvModes.dat
    2009-06-07 06:21 . 2008-06-15 08:48 -------- d-----w- c:\program files\Windows Live
    2009-06-07 06:21 . 2008-06-15 09:15 -------- d-----w- c:\program files\Windows Live Toolbar
    2009-05-23 12:01 . 2008-06-19 07:37 680 ----a-w- c:\users\Andre\AppData\Local\d3d9caps.dat
    2009-05-14 05:30 . 2008-07-20 09:03 -------- d-----w- c:\programdata\Microsoft Help
    2009-05-14 05:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-09 05:11 . 2009-05-09 05:10 -------- d-----w- c:\programdata\WinZip
    2009-05-02 14:35 . 2008-12-04 15:56 175 ----a-w- c:\users\Andre\AppData\Roaming\Azureus\restart.bat
    2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 06:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
    "PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-06-26 778240]
    "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
    "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-06-14 33136]
    "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-06-14 37232]
    "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-19 1836328]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-03 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-21 1948440]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-25 4444160]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux6"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DC7890FC-5542-4874-B2F6-3FC27DF02FC8}"= UDP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{9534930E-7A69-4C9D-98DC-F85CC57F74DC}"= TCP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{7164DF58-95D4-4E84-8FDF-053B59FF142F}"= UDP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{A2F77CA9-769A-4C42-BAD3-62004FD20450}"= TCP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{EB68E0EB-0F9A-492D-A9B5-9ADE6CFFCD2C}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{B435D4B3-FE50-4771-BEB9-4017C7656478}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "TCP Query User{BF6F4E0C-4E01-4E8F-86C4-0F88C1CB2AD4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{1278880B-D4EA-4D43-8F0C-D20A620F6982}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{9105932F-15A1-424B-BDD4-BE7252885BCA}d:\\games\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:d:\games\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
    "UDP Query User{C61A30B0-A3F7-49A8-8EE1-3986F27BC282}d:\\games\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:d:\games\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
    "TCP Query User{4F1727F1-06D9-4A0E-AD3D-0329C1B18739}d:\\games\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= UDP:d:\games\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
    "UDP Query User{92077853-2883-47FE-93E6-BEC54727F21D}d:\\games\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= TCP:d:\games\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
    "TCP Query User{F1019896-C5F7-48BA-9F1E-044D98DF35AD}d:\\games\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-enus-downloader.exe"= UDP:d:\games\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-enus-downloader.exe:Blizzard Downloader
    "UDP Query User{E6E40A15-6EF1-48C5-95E3-2696DEDFF0EA}d:\\games\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-enus-downloader.exe"= TCP:d:\games\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-enus-downloader.exe:Blizzard Downloader
    "TCP Query User{ECD431B0-6E24-4730-950A-70E661252928}d:\\games\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-enus-downloader.exe"= UDP:d:\games\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-enus-downloader.exe:Blizzard Downloader
    "UDP Query User{322B0476-6C2D-48AC-8CF2-3650EA87B867}d:\\games\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-enus-downloader.exe"= TCP:d:\games\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-enus-downloader.exe:Blizzard Downloader
    "TCP Query User{21974897-563D-4F21-849F-9836ED515A35}d:\\games\\world of warcraft\\wow-2.3.0.7561-to-2.4.0.8089-enus-downloader.exe"= UDP:d:\games\world of warcraft\wow-2.3.0.7561-to-2.4.0.8089-enus-downloader.exe:Blizzard Downloader
    "UDP Query User{EDD91A53-42E4-4B4D-B64F-F7EBB9BF4567}d:\\games\\world of warcraft\\wow-2.3.0.7561-to-2.4.0.8089-enus-downloader.exe"= TCP:d:\games\world of warcraft\wow-2.3.0.7561-to-2.4.0.8089-enus-downloader.exe:Blizzard Downloader
    "TCP Query User{8AF3FC26-B5D6-4D34-9B70-5326ED0315D0}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{5E3F4EFE-6B7B-46AB-8E47-C5997CDD3A06}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{7724F0B4-E872-4417-AB3A-E41CCBB869C6}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{D37C5F23-107A-4D63-909D-8B4A3B13A3AB}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "{1852DFBE-F9D2-4A4E-879F-7804054AD25D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{4BE041A4-8C7D-42A1-AADC-4DCC7ED2EDF7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{55781FEE-F0EA-41A9-93D1-FA73B1FFB0E9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{42966A8B-28C0-4BFA-8981-D8803600D087}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{84A2B0C7-0E26-4512-8250-11A7ED08CBF6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{271086F2-83E3-4F50-AFFD-050C28EEA099}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{0C1D8F5D-641C-4891-AAC4-937FE544A003}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{BAB5156D-D6FF-4890-A6A9-C1B3366CBC0C}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{79BF25BC-C00E-4AB3-88AD-CB4730B88F94}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
    "{CB401483-0E4D-409A-BDC1-C90F787F249C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CC3F9232-2080-4761-9E0F-4A5C64C2E2BE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{8D7E0989-4C05-44AD-A137-C473E373DE80}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{2242D9AD-3D1D-4AB6-801E-32841773B12C}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{26733F79-2868-403E-9687-0579AFD2003A}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
    "{B86C998C-E5FF-4B0C-A343-89BC6FC2BAC6}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
    "{47F68752-8972-4800-B444-FDCCFAFEA255}"= UDP:3724:Blizzard Downloader: 3724
    "{299B0FB4-A0C6-4A84-9A7A-7FD2E6DC4A88}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:Blizzard Downloader
    "{E8EC1E56-F228-431C-BA65-30776D8F69D7}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:Blizzard Downloader
    "{A09149F6-88CB-4F55-9111-4D1D9FBF9021}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
    "{B51813BD-7391-4A76-8057-DCCA66DFF779}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
    "TCP Query User{CDD50B3C-DFAA-4A84-B3E8-726E2C127E39}c:\\program files\\curse\\curseclient.exe"= UDP:c:\program files\curse\curseclient.exe:CurseClient
    "UDP Query User{CE775DD4-DCD3-4ED4-B57D-678C59A02404}c:\\program files\\curse\\curseclient.exe"= TCP:c:\program files\curse\curseclient.exe:CurseClient
    "{FF2D9909-C4D1-47AB-84E8-7EF37CD4C48B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{95911B29-5FCC-4A9B-BD33-5F725F1D71F6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{BBD09D5D-274E-44C0-A4EA-2ED928A8E912}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{FB8DC4A2-93A5-4BE8-B54B-48874A553FA4}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{ABE7F28E-F448-499E-81D4-D54D80C1A21F}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{6C6FA827-7B2F-410B-B6A2-622BE74368E5}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
    "TCP Query User{A44140F0-4C38-4A72-B684-AD96641EA687}c:\\program files\\altium designer 6\\dxp.exe"= UDP:c:\program files\altium designer 6\dxp.exe:DXP
    "UDP Query User{B2E25066-C682-4C8D-8C09-DBF9E0643404}c:\\program files\\altium designer 6\\dxp.exe"= TCP:c:\program files\altium designer 6\dxp.exe:DXP
    "TCP Query User{43B571F1-3E46-4E7D-ACBC-0888D75B2627}d:\\games\\world of warcraft\\launcher.exe"= UDP:d:\games\world of warcraft\launcher.exe:Blizzard Launcher
    "UDP Query User{02293E8F-8FBA-4B65-8573-D0F48FAFC622}d:\\games\\world of warcraft\\launcher.exe"= TCP:d:\games\world of warcraft\launcher.exe:Blizzard Launcher
    "TCP Query User{392E37C8-3426-4E4B-AAD5-AAB1C04659E5}c:\\program files\\altium designer 6\\dxp.exe"= UDP:c:\program files\altium designer 6\dxp.exe:DXP
    "UDP Query User{69E8D8EE-F3EC-42AD-9011-B8872C5837B8}c:\\program files\\altium designer 6\\dxp.exe"= TCP:c:\program files\altium designer 6\dxp.exe:DXP
    "{8CC89B75-4C84-47B5-BBED-F65B02351232}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{02A11A6F-AD41-47BC-8ADA-D808F3E0FF03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{8731F319-BBF5-4F59-B096-822413A34471}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{146B8181-D05D-4F6E-8BCB-6FA6A304C9BD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{0EAF77B7-5399-4725-B186-8DFF35D7E64F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [14/06/2008 10:52 AM 208896]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19/06/2009 10:06 PM 64160]
    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [20/06/2009 3:07 PM 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/06/2009 5:00 PM 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [21/06/2009 5:00 PM 108552]
    R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [17/05/2006 3:14 AM 23496]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23/01/2007 10:07 PM 39080]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
    R2 altio;altio;c:\windows\System32\altio.sys [26/05/2004 7:56 PM 3200]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [22/06/2008 2:37 AM 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [22/06/2008 2:37 AM 21504]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/06/2009 4:59 PM 298776]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 5:06 AM 951632]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [14/06/2008 10:48 AM 24576]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [14/06/2008 10:47 AM 48128]
    R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\System32\drivers\averhbtv.sys [14/06/2008 10:41 AM 299904]
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [14/06/2008 10:48 AM 1260672]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [7/06/2009 4:21 PM 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 6:08 PM 533360]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Steam - c:\users\Andre\Desktop\Steam\Steam.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\acgmkil8.default\
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-22 10:14
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(788)
    c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
    c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

    - - - - - - - > 'Explorer.exe'(3880)
    c:\windows\system32\APSHook.dll
    c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
    c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
    c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\windows\System32\wlanext.exe
    c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    c:\program files\ATK Hotkey\HControl.exe
    c:\program files\ATKOSD2\ATKOSD2.exe
    c:\program files\Wireless Console 2\wcourier.exe
    c:\program files\ASUS\Splendid\ACMON.exe
    c:\program files\P4G\BatteryLife.exe
    c:\windows\System32\ACEngSvr.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\program files\ATK Hotkey\KBFiltr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    c:\windows\System32\IFXTCS.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\System32\IfxPsdSv.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\System32\PnkBstrA.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\IfxUAGUI.exe
    c:\program files\AVG\AVG8\avgtray.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\program files\Infineon\Security Platform Software\PSDrt.exe
    c:\program files\Infineon\Security Platform Software\SpTNA.exe
    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-22 10:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-22 00:22

    Pre-Run: 41,012,137,984 bytes free
    Post-Run: 40,677,679,104 bytes free

    368 --- E O F --- 2009-06-08 08:24
     
  20. 2009/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'll return to analyzing your Combofix log, but I need to ask you a question first.
    What are your current security programs (AV, firewall)? I can see some Norton and AVG traces, but neither of them seems to be up to date and running.

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  21. 2009/06/22
    andre123

    andre123 Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    25
    Likes Received:
    0
    Norton was installed but wasn't the full version, just the 3-month trial that came with the laptop. AVG was installed recently after the suspicions of the virus began, but I couldn't update it because of my net speed. Also used Windows Firewall and Ad-Aware.
     
