
Active Malware Combofix & hijackthis text files

Discussion in 'Malware and Virus Removal Archive' started by dariene, 2009/11/06.

  1. 2009/11/06
    dariene

    dariene Inactive Thread Starter

    [Active] Malware Combofix & hijackthis text files

    Combofix text

    ComboFix 09-11-06.01 - Administrator 11/06/2009 21:54.4.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.466 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1351 [VPS 091106-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
    .

    2009-11-07 01:43 . 2009-11-07 01:43 -------- d-----w- c:\program files\AhnLab
    2009-10-31 03:25 . 2009-10-31 03:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xerixe
    2009-10-31 02:00 . 2009-08-06 03:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-10-31 02:00 . 2009-10-31 02:00 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-10-31 01:59 . 2009-10-31 01:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-30 21:55 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\5e132.dll
    2009-10-30 21:55 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\1ca97312.dll
    2009-10-29 01:29 . 2009-10-29 01:29 -------- d-----w- c:\program files\Trend Micro
    2009-10-27 22:17 . 2009-10-27 22:17 597 ----a-w- c:\windows\winconfig.vbs
    2009-10-27 01:00 . 2009-10-27 01:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-10-26 20:53 . 2009-10-26 20:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
    2009-10-23 21:48 . 2009-10-31 13:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2009-10-21 00:45 . 2009-10-21 01:01 -------- d-----w- c:\program files\a-squared Free
    2009-10-17 15:05 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-10-16 22:50 . 2009-10-16 22:50 -------- d--h--w- c:\windows\PIF
    2009-10-16 21:04 . 2009-10-16 21:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Publish Providers
    2009-10-16 03:23 . 2009-11-04 03:44 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-10-16 03:22 . 2009-10-16 03:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
    2009-10-12 18:37 . 2009-10-12 18:37 -------- d-----w- c:\program files\Exhort Network

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-07 03:49 . 2009-02-27 00:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-11-07 03:49 . 2009-02-27 00:26 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-11-06 21:42 . 2009-01-30 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-04 03:51 . 2009-02-06 14:44 -------- d-----w- c:\program files\dl_Cats
    2009-11-03 01:30 . 2009-02-10 19:30 -------- d-----w- c:\program files\Cheat Engine
    2009-10-31 03:04 . 2009-02-24 22:58 -------- d-----w- c:\program files\OGPlanet
    2009-10-31 02:00 . 2009-02-01 12:59 -------- d-----w- c:\program files\Windows Live
    2009-10-29 21:27 . 2009-02-04 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2009-10-25 14:46 . 2009-02-07 07:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-25 14:44 . 2009-02-07 07:07 -------- d-----w- c:\program files\Norton Security Scan
    2009-10-25 14:41 . 2009-01-31 13:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-17 15:14 . 2009-05-01 02:03 -------- d-----w- c:\program files\Windows Installer Clean Up
    2009-10-17 15:14 . 2009-05-01 01:57 -------- d-----w- c:\program files\MSECACHE
    2009-10-17 00:52 . 2009-02-27 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-15 22:10 . 2009-02-01 14:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony
    2009-10-14 22:04 . 2009-01-30 19:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-10-08 02:46 . 2009-03-20 01:53 510472 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-10-06 22:02 . 2009-01-30 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-06 22:01 . 2009-10-05 01:06 -------- d-----w- c:\program files\Eudemons Online
    2009-10-04 15:08 . 2009-10-04 15:08 -------- d-----w- c:\program files\ijji
    2009-10-03 17:27 . 2009-10-03 17:27 -------- d-----w- c:\program files\GLSoft
    2009-10-01 15:29 . 2009-10-02 21:20 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-01 02:29 . 2009-10-01 02:29 -------- d-----w- c:\program files\HyCam2
    2009-09-30 02:11 . 2009-09-30 02:11 -------- d-----w- c:\program files\Microsoft
    2009-09-28 01:04 . 2009-01-30 18:06 88952 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-28 00:53 . 2009-09-24 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-09-25 01:33 . 2009-09-25 01:33 -------- d-----w- c:\program files\JRE
    2009-09-25 01:33 . 2009-09-25 01:33 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-09-25 01:32 . 2009-03-29 14:42 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-25 01:01 . 2009-09-25 01:01 341140 ----a-w- c:\documents and settings\All Users\SPL15D.tmp
    2009-09-24 02:29 . 2009-09-24 02:29 245396 ----a-w- c:\documents and settings\All Users\SPLF.tmp
    2009-09-20 00:57 . 2009-03-21 19:53 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-09-17 01:19 . 2009-09-17 01:15 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    2009-09-17 01:19 . 2009-02-06 21:35 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
    2009-09-17 01:19 . 2009-02-06 21:35 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
    2009-09-17 01:19 . 2009-02-06 21:35 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
    2009-09-17 01:19 . 2009-02-06 21:35 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
    2009-09-17 01:19 . 2009-02-06 21:35 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
    2009-09-12 02:13 . 2009-08-10 01:23 -------- d-----r- c:\program files\Skype
    2009-09-12 02:13 . 2009-08-10 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-09-11 14:18 . 2006-10-01 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 20:56 . 2009-04-18 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-05 16:03 . 2009-03-29 14:50 37 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
    2009-09-05 15:49 . 2009-09-03 15:40 45 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
    2009-09-04 21:03 . 2006-10-01 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 20:17 . 2009-09-02 03:35 4451 ----a-w- c:\windows\unins000.dat
    2009-09-02 20:17 . 2009-09-02 03:35 695642 ----a-w- c:\windows\unins000.exe
    2009-08-31 22:19 . 2009-08-31 22:19 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\nxgamejp.dll
    2009-08-31 22:19 . 2009-08-31 22:19 552960 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\NGMDll.dll
    2009-08-31 22:19 . 2009-08-31 22:19 311296 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\NGMResource.dll
    2009-08-31 22:19 . 2009-08-31 22:19 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\unicows.dll
    2009-08-31 22:19 . 2009-08-31 22:19 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\NGM.exe
    2009-08-29 08:08 . 2006-10-01 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-08-28 02:48 . 2009-03-22 16:50 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-08-26 08:00 . 2006-10-01 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-17 16:10 . 2009-01-30 19:00 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 16:06 . 2009-01-30 19:01 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-17 16:06 . 2009-01-30 19:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-17 16:05 . 2009-01-30 19:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 16:05 . 2009-01-30 19:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 16:04 . 2009-01-30 19:01 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 16:04 . 2009-01-30 19:01 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 16:03 . 2009-01-30 19:01 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-17 16:02 . 2009-01-30 19:01 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-10 01:24 . 2009-08-10 01:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-11-05_22.38.55 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-10-01 12:00 . 2009-11-05 22:24 72194 c:\windows\system32\perfc009.dat
    + 2006-10-01 12:00 . 2009-11-07 03:55 72194 c:\windows\system32\perfc009.dat
    + 2009-11-07 03:50 . 2009-11-07 03:50 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_628.dat
    + 2009-11-07 03:19 . 2009-11-07 03:19 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_608.dat
    + 2006-10-01 12:00 . 2009-11-07 03:55 443920 c:\windows\system32\perfh009.dat
    - 2006-10-01 12:00 . 2009-11-05 22:24 443920 c:\windows\system32\perfh009.dat
    + 2009-11-07 03:50 . 2008-12-17 03:59 109080 c:\windows\system32\config\systemprofile\Local Settings\Temp\logishrd\LVPrcInj01.dll
    - 2009-11-05 22:20 . 2008-12-17 03:59 109080 c:\windows\system32\config\systemprofile\Local Settings\Temp\logishrd\LVPrcInj01.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-14 2000112]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
    "Pando Media Booster "= "c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-29 2923192]
    "Google Update "= "c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-23 133104]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "Google Quick Search Box "= "c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-19 68592]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 149280]
    "DLCGCATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
    "nwiz "= "nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
    "SigmatelSysTrayApp "= "stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe [2009-1-30 11354112]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    "NoSMBalloonTip "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    "NoSMBalloonTip "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-06 12:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\dlcgcoms.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\Persona\\Persona.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\WINDOWS\\Downloaded Program Files\\ExLauncher.exe "=
    "c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonJP\\NGM\\NGM.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57529:TCP "= 57529:TCP:pando Media Booster
    "57529:UDP "= 57529:UDP:pando Media Booster
    "56157:TCP "= 56157:TCP:pando Media Booster
    "56157:UDP "= 56157:UDP:pando Media Booster
    "56786:TCP "= 56786:TCP:pando Media Booster
    "56786:UDP "= 56786:UDP:pando Media Booster
    "56594:TCP "= 56594:TCP:pando Media Booster
    "56594:UDP "= 56594:UDP:pando Media Booster
    "56892:TCP "= 56892:TCP:pando Media Booster
    "56892:UDP "= 56892:UDP:pando Media Booster
    "57464:TCP "= 57464:TCP:pando Media Booster
    "57464:UDP "= 57464:UDP:pando Media Booster
    "57176:TCP "= 57176:TCP:pando Media Booster
    "57176:UDP "= 57176:UDP:pando Media Booster

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/30/2009 1:01 PM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 10:17 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 10:17 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/30/2009 1:01 PM 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/30/2009 8:00 PM 54752]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/5/2009 5:19 PM 24652]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 1:19 PM 13592]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 10:17 AM 7408]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/16/2009 7:10 AM 234888]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
    S3 KXerixeHacker;KXerixeHacker;\??\c:\documents and settings\Administrator\Desktop\kXerixeHacker.sys --> c:\documents and settings\Administrator\Desktop\kXerixeHacker.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
    S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
    S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
    S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-11-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:50]

    2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-789336058-725345543-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-23 21:48]

    2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-789336058-725345543-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-23 21:48]

    2009-11-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - hxxp://www.flashants.com/codebase/fmplayer.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
    DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} - hxxp://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-06 22:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8584B1F8]<<
    kernel: MBR read successfully
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1993962763-789336058-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,ec,ce,68,85,9c,78,43,a1,b1,5b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,ec,ce,68,85,9c,78,43,a1,b1,5b,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,24,3f,e1,f0,17,7e,42,b9,87,ab,\

    [HKEY_USERS\S-1-5-21-1993962763-789336058-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(796)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2724)
    c:\windows\system32\WININET.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-11-07 22:08
    ComboFix-quarantined-files.txt 2009-11-07 04:08

    Pre-Run: 103,924,563,968 bytes free
    Post-Run: 103,885,295,616 bytes free

    - - End Of File - - A155AA4331FDB65D323BCB8B68D85E80

    hijackthis text

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:28:05 PM, on 11/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\stsystra.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\windows\system32\ctfmon.exe
    C:\windows\system32\spoolsv.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\windows\system32\notepad.exe
    C:\windows\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
    C:\windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; FunWebProducts; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; MSN Optimized;US)" - "http://habbzhotel.ath.cx/client.php "
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.flashants.com/codebase/fmplayer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1233340450953
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
    O16 - DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} (CsLauncher Class) - http://hb.getamped.com/start/CsLauncher.cab
    O16 - DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} (UpdateAgent Class) - http://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12587 bytes
     
  2. 2009/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What's wrong with the computer?

    Read this post, then post the requested log(s).
     

  4. 2009/11/07
    dariene

    dariene Inactive Thread Starter

    Joined:
    2009/10/28
    Messages:
    12
    Likes Received:
    0
    Re:

    DDS.txt


    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Administrator at 12:03:53.59 on Sat 11/07/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.272 [GMT -6:00]

    AV: avast! antivirus 4.8.1351 [VPS 091107-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\stsystra.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
    svchost.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\windows\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    svchost.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\windows\Explorer.EXE
    C:\Documents and Settings\Administrator\My Documents\dds.scr
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; FunWebProducts; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; MSN Optimized;US)" - "http://habbzhotel.ath.cx/client.php "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-142\wirelesscm.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - hxxp://www.flashants.com/codebase/fmplayer.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233340450953
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} - hxxp://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-30 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-30 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-30 54752]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-5 24652]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-16 234888]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 KXerixeHacker;KXerixeHacker;\??\c:\documents and settings\administrator\desktop\kxerixehacker.sys --> c:\documents and settings\administrator\desktop\kXerixeHacker.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-11-19 25216]
    S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
    S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sys --> c:\windows\system32\XDva225.sys [?]
    S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
    S3 XDva296;XDva296;\??\c:\windows\system32\xdva296.sys --> c:\windows\system32\XDva296.sys [?]

    =============== Created Last 30 ================

    2009-11-07 01:43:15 0 d-----w- c:\program files\AhnLab
    2009-11-03 23:57:10 137 ----a-w- C:\HotBotSettings.ini
    2009-10-31 02:00:36 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-10-31 01:59:03 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-31 01:19:49 98816 ----a-w- c:\windows\sed.exe
    2009-10-31 01:19:49 77312 ----a-w- c:\windows\MBR.exe
    2009-10-31 01:19:49 267264 ----a-w- c:\windows\PEV.exe
    2009-10-31 01:19:49 161792 ----a-w- c:\windows\SWREG.exe
    2009-10-30 21:55:58 82432 ---h-tw- c:\windows\system32\5e132.dll
    2009-10-30 21:55:58 82432 ---h-tw- c:\windows\system32\1ca97312.dll
    2009-10-30 02:59:21 326 ----a-w- c:\windows\ABotSettings.ini
    2009-10-29 01:29:37 0 d-----w- c:\program files\Trend Micro
    2009-10-29 01:13:46 266240 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
    2009-10-27 22:17:49 597 ----a-w- c:\windows\winconfig.vbs
    2009-10-24 19:22:57 549 ----a-w- C:\MapleConfig.cfg
    2009-10-21 00:45:05 0 d-----w- c:\program files\a-squared Free
    2009-10-17 15:05:29 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-10-16 22:50:30 0 d--h--w- c:\windows\PIF
    2009-10-16 03:22:40 0 d-----w- c:\docume~1\admini~1\applic~1\OpenOffice.org
    2009-10-12 18:37:28 0 d-----w- c:\program files\Exhort Network

    ==================== Find3M ====================

    2009-11-07 18:00:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-11-07 17:59:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
    2009-10-01 15:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-09-25 01:32:48 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-05 16:03:51 37 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences.dat
    2009-09-05 15:49:41 45 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences2.dat
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-09-02 20:17:22 4451 ----a-w- c:\windows\unins000.dat
    2009-09-02 20:17:18 695642 ----a-w- c:\windows\unins000.exe
    2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

    ============= FINISH: 12:04:18.84 ===============

    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/30/2009 11:58:49 AM
    System Uptime: 11/7/2009 12:59:35 PM (0 hours ago)

    Motherboard: Dell Inc | | 0HY175
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket M2 | 2204/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 102.488 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP353: 10/4/2009 5:11:54 PM - Software Distribution Service 3.0
    RP354: 10/4/2009 6:21:54 PM - Software Distribution Service 3.0
    RP355: 10/4/2009 6:23:12 PM - Software Distribution Service 3.0
    RP356: 10/4/2009 6:49:24 PM - Software Distribution Service 3.0
    RP357: 10/4/2009 8:05:57 PM - Installed Eudemons Online
    RP358: 10/4/2009 8:06:02 PM - Installed Eudemons Online
    RP359: 10/4/2009 10:01:55 PM - Software Distribution Service 3.0
    RP360: 10/5/2009 8:03:40 AM - Software Distribution Service 3.0
    RP361: 10/5/2009 8:10:58 AM - Software Distribution Service 3.0
    RP362: 10/5/2009 4:22:44 PM - Software Distribution Service 3.0
    RP363: 10/5/2009 8:00:35 PM - Software Distribution Service 3.0
    RP364: 10/6/2009 4:06:43 PM - Software Distribution Service 3.0
    RP365: 10/6/2009 4:59:01 PM - Removed Eudemons Online
    RP366: 10/6/2009 4:59:08 PM - Removed Eudemons Online
    RP367: 10/7/2009 8:20:02 AM - Software Distribution Service 3.0
    RP368: 10/7/2009 5:45:24 PM - Software Distribution Service 3.0
    RP369: 10/7/2009 7:10:17 PM - Software Distribution Service 3.0
    RP370: 10/7/2009 9:45:58 PM - Software Distribution Service 3.0
    RP371: 10/8/2009 5:46:59 PM - Software Distribution Service 3.0
    RP372: 10/8/2009 10:05:15 PM - Software Distribution Service 3.0
    RP373: 10/9/2009 8:30:30 AM - Software Distribution Service 3.0
    RP374: 10/9/2009 4:48:15 PM - Software Distribution Service 3.0
    RP375: 10/9/2009 4:56:32 PM - Software Distribution Service 3.0
    RP376: 10/9/2009 5:09:57 PM - Software Distribution Service 3.0
    RP377: 10/9/2009 5:15:09 PM - Software Distribution Service 3.0
    RP378: 10/10/2009 12:01:57 AM - Software Distribution Service 3.0
    RP379: 10/10/2009 12:22:42 AM - Software Distribution Service 3.0
    RP380: 10/10/2009 1:50:53 AM - Software Distribution Service 3.0
    RP381: 10/10/2009 3:23:22 PM - Software Distribution Service 3.0
    RP382: 10/10/2009 4:09:07 PM - Software Distribution Service 3.0
    RP383: 10/11/2009 9:50:01 AM - Software Distribution Service 3.0
    RP384: 10/11/2009 3:05:54 PM - Software Distribution Service 3.0
    RP385: 10/12/2009 9:38:06 AM - Software Distribution Service 3.0
    RP386: 10/12/2009 3:33:22 PM - Software Distribution Service 3.0
    RP387: 10/13/2009 8:08:02 PM - Installed WonderKing.
    RP388: 10/13/2009 8:15:25 PM - Software Distribution Service 3.0
    RP389: 10/13/2009 8:55:16 PM - Software Distribution Service 3.0
    RP390: 10/13/2009 9:04:03 PM - Software Distribution Service 3.0
    RP391: 10/14/2009 4:36:50 PM - Installed Nanovor
    RP392: 10/14/2009 4:47:37 PM - Software Distribution Service 3.0
    RP393: 10/14/2009 5:17:07 PM - Software Distribution Service 3.0
    RP394: 10/14/2009 5:24:27 PM - Software Distribution Service 3.0
    RP395: 10/14/2009 5:30:18 PM - Software Distribution Service 3.0
    RP396: 10/14/2009 5:37:51 PM - Software Distribution Service 3.0
    RP397: 10/14/2009 5:45:39 PM - Software Distribution Service 3.0
    RP398: 10/14/2009 5:53:43 PM - Software Distribution Service 3.0
    RP399: 10/14/2009 5:57:40 PM - Software Distribution Service 3.0
    RP400: 10/14/2009 6:24:40 PM - Software Distribution Service 3.0
    RP401: 10/14/2009 6:39:15 PM - Software Distribution Service 3.0
    RP402: 10/14/2009 6:48:06 PM - Software Distribution Service 3.0
    RP403: 10/14/2009 7:08:12 PM - Software Distribution Service 3.0
    RP404: 10/14/2009 7:25:54 PM - Software Distribution Service 3.0
    RP405: 10/14/2009 7:38:48 PM - Software Distribution Service 3.0
    RP406: 10/14/2009 7:43:08 PM - Software Distribution Service 3.0
    RP407: 10/14/2009 8:10:36 PM - Software Distribution Service 3.0
    RP408: 10/14/2009 8:25:59 PM - Software Distribution Service 3.0
    RP409: 10/14/2009 8:42:54 PM - Software Distribution Service 3.0
    RP410: 10/14/2009 9:00:59 PM - Software Distribution Service 3.0
    RP411: 10/14/2009 9:22:43 PM - Software Distribution Service 3.0
    RP412: 10/14/2009 9:34:25 PM - Software Distribution Service 3.0
    RP413: 10/14/2009 10:21:59 PM - Software Distribution Service 3.0
    RP414: 10/15/2009 7:55:40 AM - Software Distribution Service 3.0
    RP415: 10/15/2009 4:17:53 PM - Software Distribution Service 3.0
    RP416: 10/15/2009 4:48:31 PM - Software Distribution Service 3.0
    RP417: 10/15/2009 10:53:36 PM - Software Distribution Service 3.0
    RP418: 10/16/2009 3:49:57 PM - Software Distribution Service 3.0
    RP419: 10/16/2009 4:04:54 PM - Software Distribution Service 3.0
    RP420: 10/16/2009 4:11:32 PM - Software Distribution Service 3.0
    RP421: 10/16/2009 5:06:41 PM - Software Distribution Service 3.0
    RP422: 10/16/2009 5:13:49 PM - Software Distribution Service 3.0
    RP423: 10/16/2009 5:29:37 PM - Software Distribution Service 3.0
    RP424: 10/16/2009 5:47:45 PM - Software Distribution Service 3.0
    RP425: 10/16/2009 6:14:00 PM - Software Distribution Service 3.0
    RP426: 10/16/2009 6:28:19 PM - Installed Windows Live Communications Platform
    RP427: 10/16/2009 6:30:21 PM - Software Distribution Service 3.0
    RP428: 10/16/2009 6:35:04 PM - Software Distribution Service 3.0
    RP429: 10/16/2009 6:45:59 PM - Software Distribution Service 3.0
    RP430: 10/16/2009 6:59:40 PM - Software Distribution Service 3.0
    RP431: 10/16/2009 7:18:30 PM - Software Distribution Service 3.0
    RP432: 10/16/2009 7:28:35 PM - Removed Nanovor
    RP433: 10/16/2009 7:36:40 PM - Software Distribution Service 3.0
    RP434: 10/16/2009 7:44:19 PM - Software Distribution Service 3.0
    RP435: 10/16/2009 8:02:21 PM - Software Distribution Service 3.0
    RP436: 10/16/2009 8:14:46 PM - Software Distribution Service 3.0
    RP437: 10/16/2009 8:44:47 PM - Software Distribution Service 3.0
    RP438: 10/16/2009 8:56:31 PM - Software Distribution Service 3.0
    RP439: 10/16/2009 9:05:35 PM - Software Distribution Service 3.0
    RP440: 10/16/2009 9:20:20 PM - Software Distribution Service 3.0
    RP441: 10/16/2009 9:25:20 PM - Software Distribution Service 3.0
    RP442: 10/16/2009 9:39:55 PM - Software Distribution Service 3.0
    RP443: 10/16/2009 9:52:46 PM - Software Distribution Service 3.0
    RP444: 10/16/2009 9:59:03 PM - Installed Windows Installer Clean Up
    RP445: 10/16/2009 10:00:47 PM - Software Distribution Service 3.0
    RP446: 10/16/2009 10:07:58 PM - Software Distribution Service 3.0
    RP447: 10/17/2009 9:39:18 AM - Software Distribution Service 3.0
    RP448: 10/17/2009 9:55:17 AM - Software Distribution Service 3.0
    RP449: 10/17/2009 9:59:38 AM - Software Distribution Service 3.0
    RP450: 10/17/2009 10:14:49 AM - Installed Windows Installer Clean Up
    RP451: 10/17/2009 10:35:56 AM - Installed WonderKing.
    RP452: 10/17/2009 1:25:58 PM - Software Distribution Service 3.0
    RP453: 10/17/2009 10:21:40 PM - Software Distribution Service 3.0
    RP454: 10/17/2009 11:02:17 PM - Software Distribution Service 3.0
    RP455: 10/17/2009 11:19:17 PM - Software Distribution Service 3.0
    RP456: 10/18/2009 9:03:10 AM - Software Distribution Service 3.0
    RP457: 10/18/2009 10:20:13 PM - Software Distribution Service 3.0
    RP458: 10/19/2009 8:08:11 AM - Software Distribution Service 3.0
    RP459: 10/19/2009 9:31:45 PM - Software Distribution Service 3.0
    RP460: 10/20/2009 8:27:42 AM - Software Distribution Service 3.0
    RP461: 10/20/2009 3:48:35 PM - Software Distribution Service 3.0
    RP462: 10/20/2009 7:37:53 PM - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
    RP463: 10/20/2009 7:38:49 PM - Advanced Registry Optimizer Tue, Oct 20, 09 19:38
    RP464: 10/20/2009 8:40:34 PM - Software Distribution Service 3.0
    RP465: 10/20/2009 9:35:17 PM - Software Distribution Service 3.0
    RP466: 10/21/2009 8:05:12 AM - Software Distribution Service 3.0
    RP467: 10/21/2009 10:30:38 PM - Software Distribution Service 3.0
    RP468: 10/22/2009 8:28:36 AM - Software Distribution Service 3.0
    RP469: 10/22/2009 5:32:42 PM - Software Distribution Service 3.0
    RP470: 10/22/2009 9:08:13 PM - Software Distribution Service 3.0
    RP471: 10/22/2009 9:13:39 PM - Software Distribution Service 3.0
    RP472: 10/22/2009 11:23:55 PM - Software Distribution Service 3.0
    RP473: 10/23/2009 8:09:00 PM - Software Distribution Service 3.0
    RP474: 10/23/2009 10:01:26 PM - Software Distribution Service 3.0
    RP475: 10/24/2009 2:07:56 PM - Windows Defender Checkpoint
    RP476: 10/24/2009 5:34:59 PM - Software Distribution Service 3.0
    RP477: 10/24/2009 11:27:32 PM - Software Distribution Service 3.0
    RP478: 10/24/2009 11:49:17 PM - Software Distribution Service 3.0
    RP479: 10/25/2009 9:45:31 AM - Software Distribution Service 3.0
    RP480: 10/25/2009 10:01:07 PM - Software Distribution Service 3.0
    RP481: 10/26/2009 8:34:12 AM - Software Distribution Service 3.0
    RP482: 10/26/2009 6:04:34 PM - Software Distribution Service 3.0
    RP483: 10/26/2009 6:08:20 PM - Software Distribution Service 3.0
    RP484: 10/26/2009 6:28:04 PM - Software Distribution Service 3.0
    RP485: 10/26/2009 7:02:33 PM - Software Distribution Service 3.0
    RP486: 10/26/2009 8:22:48 PM - Software Distribution Service 3.0
    RP487: 10/26/2009 9:29:45 PM - Software Distribution Service 3.0
    RP488: 10/27/2009 8:27:46 AM - Software Distribution Service 3.0
    RP489: 10/27/2009 9:50:37 PM - Software Distribution Service 3.0
    RP490: 10/28/2009 8:16:14 AM - Software Distribution Service 3.0
    RP491: 10/28/2009 6:15:46 PM - Software Distribution Service 3.0
    RP492: 10/28/2009 8:39:40 PM - Software Distribution Service 3.0
    RP493: 10/28/2009 8:45:23 PM - Software Distribution Service 3.0
    RP494: 10/28/2009 10:07:55 PM - Software Distribution Service 3.0
    RP495: 10/29/2009 8:22:41 AM - Software Distribution Service 3.0
    RP496: 10/29/2009 8:30:17 AM - Software Distribution Service 3.0
    RP497: 10/29/2009 5:10:49 PM - Installed MapleStory.
    RP498: 10/29/2009 5:43:12 PM - Software Distribution Service 3.0
    RP499: 10/29/2009 10:06:10 PM - Software Distribution Service 3.0
    RP500: 10/29/2009 10:12:22 PM - Software Distribution Service 3.0
    RP501: 10/30/2009 8:32:20 AM - Software Distribution Service 3.0
    RP502: 10/30/2009 8:59:14 PM - Installed DirectX
    RP503: 10/30/2009 11:26:07 PM - Software Distribution Service 3.0
    RP504: 10/31/2009 8:49:40 AM - Software Distribution Service 3.0
    RP505: 10/31/2009 9:30:25 AM - Removed ijji REACTOR
    RP506: 10/31/2009 9:32:02 AM - Software Distribution Service 3.0
    RP507: 10/31/2009 3:31:40 PM - Software Distribution Service 3.0
    RP508: 10/31/2009 10:59:20 PM - Software Distribution Service 3.0
    RP509: 11/1/2009 10:12:45 AM - Software Distribution Service 3.0
    RP510: 11/1/2009 10:24:19 AM - Software Distribution Service 3.0
    RP511: 11/1/2009 9:53:52 PM - Software Distribution Service 3.0
    RP512: 11/2/2009 12:02:12 AM - Software Distribution Service 3.0
    RP513: 11/2/2009 10:49:00 PM - Software Distribution Service 3.0
    RP514: 11/3/2009 9:28:59 AM - Software Distribution Service 3.0
    RP515: 11/3/2009 11:03:00 PM - Software Distribution Service 3.0
    RP516: 11/4/2009 9:32:46 AM - Software Distribution Service 3.0
    RP517: 11/4/2009 11:24:21 PM - Software Distribution Service 3.0
    RP518: 11/5/2009 1:28:53 PM - Software Distribution Service 3.0
    RP519: 11/5/2009 6:39:59 PM - Software Distribution Service 3.0
    RP520: 11/5/2009 11:07:17 PM - Software Distribution Service 3.0
    RP521: 11/7/2009 12:31:41 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Moyea SWF to Video Converter Standard version 3.5.1.6
    µTorrent
    7-Zip 4.65
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player
    AIM 6
    AIM Toolbar
    Ask Toolbar
    avast! Antivirus
    CamStudio
    CCleaner (remove only)
    Cheat Engine 5.5
    Chinese (Simplified) Language Support
    Critical Update for Windows Media Player 11 (KB959772)
    CyberLink PhotoNow
    D-Link RangeBooster N DWA-142
    Download Updater (AOL LLC)
    Fraps (remove only)
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Huffyuv AVI lossless video codec (Remove Only)
    Hybrid Downloader 1,0,2,6
    HyperCam 2
    Japanese Language Support
    Junk Mail filter update
    Korean Language Support
    La Tale
    Lagarith Lossless Codec (1.3.20)
    Lagarith lossless video codec (Remove Only)
    Logitech QuickCam Driver Package
    MapleStory
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    MSVCRT
    Neffy 1,2,1,11
    NVIDIA Drivers
    OGPlanet Game Launcher
    Pando Media Booster
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    SigmaTel Audio
    Super Smash Flash EXE Version 1.0
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VDownloader 0.83
    version 5.0.0
    Viewpoint Media Player
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WonderKing
    XML Paper Specification Shared Components Pack 1.0
    Yrefresher 1.00

    ==== Event Viewer Messages From Past Week ========

    11/2/2009 6:18:20 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    11/1/2009 10:24:33 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
    11/1/2009 10:13:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417).
    11/1/2009 10:08:33 AM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 00195B094F9A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/31/2009 10:59:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

    ==== End Of File ===========================
     
  5. 2009/11/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ......
     
  6. 2009/11/07
    dariene

    Re:

    I can't download anything or log into anything.
     
  7. 2009/11/07
    broni

    Make sure you allow recovery console installation on the next Combofix run.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\5e132.dll
    c:\windows\system32\1ca97312.dll
    c:\windows\winconfig.vbs
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\drivers\logiflt.iad
    c:\documents and settings\All Users\SPL15D.tmp
    c:\documents and settings\All Users\SPLF.tmp
    c:\windows\unins000.dat
    c:\windows\unins000.exe
    c:\windows\system32\ezsidmv.dat
    c:\documents and settings\Administrator\Desktop\kXerixeHacker.sys
    c:\windows\system32\XDva224.sys
    c:\windows\system32\XDva225.sys
    c:\windows\system32\XDva285.sys
    c:\windows\system32\XDva296.sys
    
    
    Folder::
    
    Driver::
    KXerixeHacker
    XDva224
    XDva225
    XDva285
    XDva296
    
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  8. 2009/11/07
    dariene

    Btw, I let recovery console install but the text logs don't say it.
     
  9. 2009/11/07
    broni

    OK, go ahead...
     
  10. 2009/11/07
    dariene

    Re:

    ComboFix 09-11-07.02 - Administrator 11/07/2009 12:57.5.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.501 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\My Documents\CFScript.txt
    AV: avast! antivirus 4.8.1351 [VPS 091107-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
    .

    2009-11-07 01:43 . 2009-11-07 01:43 -------- d-----w- c:\program files\AhnLab
    2009-10-31 03:25 . 2009-10-31 03:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xerixe
    2009-10-31 02:00 . 2009-08-06 03:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-10-31 02:00 . 2009-10-31 02:00 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-10-31 01:59 . 2009-10-31 01:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-30 21:55 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\5e132.dll
    2009-10-30 21:55 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\1ca97312.dll
    2009-10-29 01:29 . 2009-10-29 01:29 -------- d-----w- c:\program files\Trend Micro
    2009-10-27 22:17 . 2009-10-27 22:17 597 ----a-w- c:\windows\winconfig.vbs
    2009-10-27 01:00 . 2009-10-27 01:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-10-26 20:53 . 2009-10-26 20:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
    2009-10-23 21:48 . 2009-10-31 13:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2009-10-21 00:45 . 2009-10-21 01:01 -------- d-----w- c:\program files\a-squared Free
    2009-10-17 15:05 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-10-16 22:50 . 2009-10-16 22:50 -------- d--h--w- c:\windows\PIF
    2009-10-16 21:04 . 2009-10-16 21:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Publish Providers
    2009-10-16 03:23 . 2009-11-04 03:44 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-10-16 03:22 . 2009-10-16 03:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
    2009-10-12 18:37 . 2009-10-12 18:37 -------- d-----w- c:\program files\Exhort Network

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-07 18:00 . 2009-02-27 00:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-11-07 17:59 . 2009-02-27 00:26 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-11-07 14:40 . 2009-01-31 13:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-06 21:42 . 2009-01-30 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-04 03:51 . 2009-02-06 14:44 -------- d-----w- c:\program files\dl_Cats
    2009-11-03 01:30 . 2009-02-10 19:30 -------- d-----w- c:\program files\Cheat Engine
    2009-10-31 03:04 . 2009-02-24 22:58 -------- d-----w- c:\program files\OGPlanet
    2009-10-31 02:00 . 2009-02-01 12:59 -------- d-----w- c:\program files\Windows Live
    2009-10-29 21:27 . 2009-02-04 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2009-10-25 14:46 . 2009-02-07 07:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-25 14:44 . 2009-02-07 07:07 -------- d-----w- c:\program files\Norton Security Scan
    2009-10-17 15:14 . 2009-05-01 02:03 -------- d-----w- c:\program files\Windows Installer Clean Up
    2009-10-17 15:14 . 2009-05-01 01:57 -------- d-----w- c:\program files\MSECACHE
    2009-10-17 00:52 . 2009-02-27 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-15 22:10 . 2009-02-01 14:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony
    2009-10-14 22:04 . 2009-01-30 19:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-10-08 02:46 . 2009-03-20 01:53 510472 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-10-06 22:02 . 2009-01-30 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-06 22:01 . 2009-10-05 01:06 -------- d-----w- c:\program files\Eudemons Online
    2009-10-04 15:08 . 2009-10-04 15:08 -------- d-----w- c:\program files\ijji
    2009-10-03 17:27 . 2009-10-03 17:27 -------- d-----w- c:\program files\GLSoft
    2009-10-01 15:29 . 2009-10-02 21:20 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-01 02:29 . 2009-10-01 02:29 -------- d-----w- c:\program files\HyCam2
    2009-09-30 02:11 . 2009-09-30 02:11 -------- d-----w- c:\program files\Microsoft
    2009-09-28 01:04 . 2009-01-30 18:06 88952 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-28 00:53 . 2009-09-24 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-09-25 01:33 . 2009-09-25 01:33 -------- d-----w- c:\program files\JRE
    2009-09-25 01:33 . 2009-09-25 01:33 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-09-25 01:32 . 2009-03-29 14:42 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-25 01:01 . 2009-09-25 01:01 341140 ----a-w- c:\documents and settings\All Users\SPL15D.tmp
    2009-09-24 02:29 . 2009-09-24 02:29 245396 ----a-w- c:\documents and settings\All Users\SPLF.tmp
    2009-09-20 00:57 . 2009-03-21 19:53 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-09-17 01:19 . 2009-09-17 01:15 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    2009-09-17 01:19 . 2009-02-06 21:35 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
    2009-09-17 01:19 . 2009-02-06 21:35 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
    2009-09-17 01:19 . 2009-02-06 21:35 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
    2009-09-17 01:19 . 2009-02-06 21:35 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
    2009-09-17 01:19 . 2009-02-06 21:35 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
    2009-09-12 02:13 . 2009-08-10 01:23 -------- d-----r- c:\program files\Skype
    2009-09-12 02:13 . 2009-08-10 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-09-11 14:18 . 2006-10-01 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 20:56 . 2009-04-18 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-05 16:03 . 2009-03-29 14:50 37 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
    2009-09-05 15:49 . 2009-09-03 15:40 45 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
    2009-09-04 21:03 . 2006-10-01 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 20:17 . 2009-09-02 03:35 4451 ----a-w- c:\windows\unins000.dat
    2009-09-02 20:17 . 2009-09-02 03:35 695642 ----a-w- c:\windows\unins000.exe
    2009-08-31 22:19 . 2009-08-31 22:19 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\nxgamejp.dll
    2009-08-31 22:19 . 2009-08-31 22:19 552960 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\NGMDll.dll
    2009-08-31 22:19 . 2009-08-31 22:19 311296 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\NGMResource.dll
    2009-08-31 22:19 . 2009-08-31 22:19 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\unicows.dll
    2009-08-31 22:19 . 2009-08-31 22:19 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonJP\NGM\NGM.exe
    2009-08-29 08:08 . 2006-10-01 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-08-28 02:48 . 2009-03-22 16:50 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-08-26 08:00 . 2006-10-01 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-17 16:10 . 2009-01-30 19:00 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 16:06 . 2009-01-30 19:01 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-17 16:06 . 2009-01-30 19:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-17 16:05 . 2009-01-30 19:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 16:05 . 2009-01-30 19:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 16:04 . 2009-01-30 19:01 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 16:04 . 2009-01-30 19:01 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 16:03 . 2009-01-30 19:01 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-17 16:02 . 2009-01-30 19:01 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-10 01:24 . 2009-08-10 01:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-11-05_22.38.55 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-10-01 12:00 . 2009-11-05 22:24 72194 c:\windows\system32\perfc009.dat
    + 2006-10-01 12:00 . 2009-11-07 18:04 72194 c:\windows\system32\perfc009.dat
    + 2009-11-07 18:00 . 2009-11-07 18:00 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_644.dat
    + 2009-11-07 18:00 . 2009-11-07 18:00 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_60c.dat
    - 2009-11-05 22:20 . 2009-11-05 22:20 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_60c.dat
    + 2006-10-01 12:00 . 2009-11-07 18:04 443920 c:\windows\system32\perfh009.dat
    - 2006-10-01 12:00 . 2009-11-05 22:24 443920 c:\windows\system32\perfh009.dat
    - 2009-11-05 22:20 . 2008-12-17 03:59 109080 c:\windows\system32\config\systemprofile\Local Settings\Temp\logishrd\LVPrcInj01.dll
    + 2009-11-07 18:00 . 2008-12-17 03:59 109080 c:\windows\system32\config\systemprofile\Local Settings\Temp\logishrd\LVPrcInj01.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-14 2000112]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
    "Pando Media Booster "= "c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-29 2923192]
    "Google Update "= "c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-23 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "Google Quick Search Box "= "c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-19 68592]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 149280]
    "DLCGCATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
    "nwiz "= "nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
    "SigmatelSysTrayApp "= "stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe [2009-1-30 11354112]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    "NoSMBalloonTip "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    "NoSMBalloonTip "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-06 12:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\dlcgcoms.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\Persona\\Persona.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\WINDOWS\\Downloaded Program Files\\ExLauncher.exe "=
    "c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonJP\\NGM\\NGM.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57529:TCP "= 57529:TCP:pando Media Booster
    "57529:UDP "= 57529:UDP:pando Media Booster
    "56157:TCP "= 56157:TCP:pando Media Booster
    "56157:UDP "= 56157:UDP:pando Media Booster
    "56786:TCP "= 56786:TCP:pando Media Booster
    "56786:UDP "= 56786:UDP:pando Media Booster
    "56594:TCP "= 56594:TCP:pando Media Booster
    "56594:UDP "= 56594:UDP:pando Media Booster
    "56892:TCP "= 56892:TCP:pando Media Booster
    "56892:UDP "= 56892:UDP:pando Media Booster
    "57464:TCP "= 57464:TCP:pando Media Booster
    "57464:UDP "= 57464:UDP:pando Media Booster
    "57176:TCP "= 57176:TCP:pando Media Booster
    "57176:UDP "= 57176:UDP:pando Media Booster

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/30/2009 1:01 PM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 10:17 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 10:17 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/30/2009 1:01 PM 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/30/2009 8:00 PM 54752]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/5/2009 5:19 PM 24652]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 1:19 PM 13592]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 10:17 AM 7408]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/16/2009 7:10 AM 234888]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
    S3 KXerixeHacker;KXerixeHacker;\??\c:\documents and settings\Administrator\Desktop\kXerixeHacker.sys --> c:\documents and settings\Administrator\Desktop\kXerixeHacker.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
    S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
    S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
    S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-11-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:50]

    2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-789336058-725345543-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-23 21:48]

    2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-789336058-725345543-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-23 21:48]

    2009-11-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - hxxp://www.flashants.com/codebase/fmplayer.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
    DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} - hxxp://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-07 13:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8584B1F8]<<
    kernel: MBR read successfully
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1993962763-789336058-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,a9,97,88,ad,b1,2e,4c,b9,78,1c,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,a9,97,88,ad,b1,2e,4c,b9,78,1c,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,24,3f,e1,f0,17,7e,42,b9,87,ab,\

    [HKEY_USERS\S-1-5-21-1993962763-789336058-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(796)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2009-11-07 13:11
    ComboFix-quarantined-files.txt 2009-11-07 19:11

    Pre-Run: 110,022,025,216 bytes free
    Post-Run: 110,003,843,072 bytes free

    - - End Of File - - A31DF8CBEEC1D5C59F7B1AEEF37EA26A

    DDS.txt


    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Administrator at 13:15:29.92 on Sat 11/07/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.388 [GMT -6:00]

    AV: avast! antivirus 4.8.1351 [VPS 091107-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\stsystra.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
    svchost.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    svchost.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\notepad.exe
    C:\windows\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\windows\explorer.exe
    C:\Documents and Settings\Administrator\My Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; FunWebProducts; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; MSN Optimized;US)" - "http://habbzhotel.ath.cx/client.php"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-142\wirelesscm.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - hxxp://www.flashants.com/codebase/fmplayer.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233340450953
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} - hxxp://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-30 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-30 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-30 54752]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-5 24652]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-16 234888]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 KXerixeHacker;KXerixeHacker;\??\c:\documents and settings\administrator\desktop\kxerixehacker.sys --> c:\documents and settings\administrator\desktop\kXerixeHacker.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-11-19 25216]
    S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
    S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sys --> c:\windows\system32\XDva225.sys [?]
    S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
    S3 XDva296;XDva296;\??\c:\windows\system32\xdva296.sys --> c:\windows\system32\XDva296.sys [?]

    =============== Created Last 30 ================

    2009-11-07 01:43:15 0 d-----w- c:\program files\AhnLab
    2009-11-03 23:57:10 137 ----a-w- C:\HotBotSettings.ini
    2009-10-31 02:00:36 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-10-31 01:59:03 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-31 01:19:49 98816 ----a-w- c:\windows\sed.exe
    2009-10-31 01:19:49 77312 ----a-w- c:\windows\MBR.exe
    2009-10-31 01:19:49 267264 ----a-w- c:\windows\PEV.exe
    2009-10-31 01:19:49 161792 ----a-w- c:\windows\SWREG.exe
    2009-10-30 21:55:58 82432 ---h-tw- c:\windows\system32\5e132.dll
    2009-10-30 21:55:58 82432 ---h-tw- c:\windows\system32\1ca97312.dll
    2009-10-30 02:59:21 326 ----a-w- c:\windows\ABotSettings.ini
    2009-10-29 01:29:37 0 d-----w- c:\program files\Trend Micro
    2009-10-29 01:13:46 266240 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
    2009-10-27 22:17:49 597 ----a-w- c:\windows\winconfig.vbs
    2009-10-24 19:22:57 549 ----a-w- C:\MapleConfig.cfg
    2009-10-21 00:45:05 0 d-----w- c:\program files\a-squared Free
    2009-10-17 15:05:29 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-10-16 22:50:30 0 d--h--w- c:\windows\PIF
    2009-10-16 03:22:40 0 d-----w- c:\docume~1\admini~1\applic~1\OpenOffice.org
    2009-10-12 18:37:28 0 d-----w- c:\program files\Exhort Network

    ==================== Find3M ====================

    2009-11-07 18:00:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-11-07 17:59:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
    2009-10-01 15:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-09-25 01:32:48 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-05 16:03:51 37 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences.dat
    2009-09-05 15:49:41 45 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences2.dat
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-09-02 20:17:22 4451 ----a-w- c:\windows\unins000.dat
    2009-09-02 20:17:18 695642 ----a-w- c:\windows\unins000.exe
    2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

    ============= FINISH: 13:15:41.07 ===============
     
  11. 2009/11/07
    dariene

    Attach.txt


    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Administrator at 13:15:29.92 on Sat 11/07/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.388 [GMT -6:00]

    AV: avast! antivirus 4.8.1351 [VPS 091107-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\stsystra.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
    svchost.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    svchost.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\notepad.exe
    C:\windows\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\windows\explorer.exe
    C:\Documents and Settings\Administrator\My Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; FunWebProducts; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; MSN Optimized;US)" - "http://habbzhotel.ath.cx/client.php"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-142\wirelesscm.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - hxxp://www.flashants.com/codebase/fmplayer.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233340450953
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} - hxxp://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-30 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-30 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-30 54752]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-5 24652]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-16 234888]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 KXerixeHacker;KXerixeHacker;\??\c:\documents and settings\administrator\desktop\kxerixehacker.sys --> c:\documents and settings\administrator\desktop\kXerixeHacker.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-11-19 25216]
    S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
    S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sys --> c:\windows\system32\XDva225.sys [?]
    S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
    S3 XDva296;XDva296;\??\c:\windows\system32\xdva296.sys --> c:\windows\system32\XDva296.sys [?]

    =============== Created Last 30 ================

    2009-11-07 01:43:15 0 d-----w- c:\program files\AhnLab
    2009-11-03 23:57:10 137 ----a-w- C:\HotBotSettings.ini
    2009-10-31 02:00:36 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-10-31 01:59:03 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-31 01:19:49 98816 ----a-w- c:\windows\sed.exe
    2009-10-31 01:19:49 77312 ----a-w- c:\windows\MBR.exe
    2009-10-31 01:19:49 267264 ----a-w- c:\windows\PEV.exe
    2009-10-31 01:19:49 161792 ----a-w- c:\windows\SWREG.exe
    2009-10-30 21:55:58 82432 ---h-tw- c:\windows\system32\5e132.dll
    2009-10-30 21:55:58 82432 ---h-tw- c:\windows\system32\1ca97312.dll
    2009-10-30 02:59:21 326 ----a-w- c:\windows\ABotSettings.ini
    2009-10-29 01:29:37 0 d-----w- c:\program files\Trend Micro
    2009-10-29 01:13:46 266240 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
    2009-10-27 22:17:49 597 ----a-w- c:\windows\winconfig.vbs
    2009-10-24 19:22:57 549 ----a-w- C:\MapleConfig.cfg
    2009-10-21 00:45:05 0 d-----w- c:\program files\a-squared Free
    2009-10-17 15:05:29 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-10-16 22:50:30 0 d--h--w- c:\windows\PIF
    2009-10-16 03:22:40 0 d-----w- c:\docume~1\admini~1\applic~1\OpenOffice.org
    2009-10-12 18:37:28 0 d-----w- c:\program files\Exhort Network

    ==================== Find3M ====================

    2009-11-07 18:00:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-11-07 17:59:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
    2009-10-01 15:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-09-25 01:32:48 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-05 16:03:51 37 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences.dat
    2009-09-05 15:49:41 45 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences2.dat
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-09-02 20:17:22 4451 ----a-w- c:\windows\unins000.dat
    2009-09-02 20:17:18 695642 ----a-w- c:\windows\unins000.exe
    2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

    ============= FINISH: 13:15:41.07 ===============

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:16:53 PM, on 11/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\stsystra.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\notepad.exe
    C:\windows\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; FunWebProducts; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; MSN Optimized;US)" - "http://habbzhotel.ath.cx/client.php "
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.flashants.com/codebase/fmplayer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1233340450953
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
    O16 - DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} (CsLauncher Class) - http://hb.getamped.com/start/CsLauncher.cab
    O16 - DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} (UpdateAgent Class) - http://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12508 bytes
     
  12. 2009/11/07
    broni

    broni Moderator Malware Analyst

    I'm not sure what you did, but it doesn't look like you followed my instructions.
    Nothing was removed and the recovery console is still not installed.
    Please retry.
     
