I can feel a virus lurking in the system.


Post by hotchicken33 on Thu Sep 24, 2009 5:54 am

Hi, I think I have some kind of virus lurking within my computer. I am not really sure if it is here or not. My anti-virus couldn't find any. (Avast anti-virus/NOD32)

My ISP quarantined me for a trojan they detected, and my computer's been freezing up a lot lately, as well as showing slower performance. I was planning to reformat, but it says my hard drive is not installed, or it could not find any. But that's my other issue.... Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:34 PM, on 9/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nam\Desktop\winlogon.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Pointshockband Class - {857CF8D8-C05A-4E34-A316-BE7C85A61160} - C:\PROGRA~1\POINTS~1\POINTS~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Pointshockband Class - {52A15D23-CA77-4D7E-AD9C-84118D5340E7} - C:\PROGRA~1\POINTS~1\POINTS~1.DLL (file missing)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pointshock] "C:\Program Files\pointshock\pointshock.exe" /start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Nam\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {219C6039-E795-43D9-B6F4-D94E12E75204} (GoodiWActive Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {28C2B1EF-48A4-49F0-A7B5-414DB174E745} (DekaronPMang Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} (XecureCKKB Crypto support Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} (DekaronAutoPlay Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - [You must be registered and logged in to see this link.]
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - [You must be registered and logged in to see this link.]
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) -
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} (SCSKEx Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [You must be registered and logged in to see this link.]
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.10113.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll (file missing)
O21 - SSODL: vtqnxfko - {5F58FF1B-BEEE-4255-8F83-89FAE10B9185} - C:\WINDOWS\vtqnxfko.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18426 bytes

hotchicken33
Novice

Posts: 15
Joined: 2009-09-23
Gender: Female
OS: windows XP
Points: 26335
Likes: 0

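Added example (editor's addition, not part of hotchicken33's post and not HijackThis's own code): a small Python triage script that applies the checks a helper runs by eye over a log like the one above. It flags registry entries whose target file is missing, autoruns launched from a Temp directory, core Windows binary names (winlogon, svchost, ...) loaded from outside the system directory, and services with no recorded publisher. The sample lines are copied from the log above; the system-root path C:\WINDOWS and the list of system binary names are assumptions, and a flag is a prompt to check the entry by hand, not a verdict.

```python
"""Heuristic triage of HijackThis-style log lines.

Added example, not part of the forum post and not HijackThis's own code. It
looks at the entry types a helper reads first (running processes, O2/O4/O20/
O21/O23 lines) and attaches a flag for each pattern worth checking by hand.
The sample lines are copied from the log posted in the thread; the flags are
triage hints, not verdicts.
Assumption: the system root is C:\\WINDOWS, as in the posted log.
"""
import re
from typing import Dict, List, Optional

# Windows binaries that normally run only from the system root or System32
# (assumed list). One of these names loaded from a user directory, such as a
# winlogon.scr on the Desktop, deserves a second look.
SYSTEM_BINARY_NAMES = {"winlogon", "svchost", "smss", "lsass", "services", "csrss", "explorer"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")  # assumption: root is C:\WINDOWS

# First Windows path on the line that ends in an executable-style extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|scr|sys|ocx|cpl)', re.IGNORECASE)
# HijackThis entry prefix: R0/R1, O2, O4, O23, F2 ...
ENTRY_RE = re.compile(r"^(R\d|O\d+|F\d) - ")


def first_path(line: str) -> Optional[str]:
    """Return the first file path on the line, or None if there is none."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def flags_for(line: str) -> List[str]:
    """Return the triage flags that apply to one log line (empty if none)."""
    flags: List[str] = []
    path = first_path(line)

    # Registry still points at a file that no longer exists: a leftover of an
    # uninstall or of an earlier removal attempt, and a common cleanup item.
    if "(file missing)" in line or "(no file)" in line:
        flags.append("orphaned entry (file missing)")

    if path:
        lowered = path.lower()
        directory, basename = lowered.rsplit("\\", 1)
        stem = basename.rsplit(".", 1)[0]

        # Autorun or process launched from a Temp directory.
        if "\\temp\\" in lowered:
            flags.append("runs from a Temp directory")

        # Core system binary name loaded from somewhere other than the system dirs.
        if stem in SYSTEM_BINARY_NAMES and directory + "\\" not in SYSTEM_DIRS:
            flags.append(f"system binary name '{stem}' outside the system directory")

    # Service with no publisher recorded. Legitimate tools do this too, so the
    # flag is informational only.
    if line.startswith("O23") and "Unknown owner" in line:
        flags.append("service with unknown owner")

    return flags


def triage(log_text: str) -> List[Dict[str, object]]:
    """Walk a HijackThis log and return only the lines that received a flag."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # Only entry lines and bare process paths carry something to inspect;
        # section headers and blank lines are skipped.
        if not line or not (ENTRY_RE.match(line) or PATH_RE.match(line)):
            continue
        flags = flags_for(line)
        if flags:
            findings.append({"line": line, "path": first_path(line), "flags": flags})
    return findings


# Lines copied from the log in the first post of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Nam\Desktop\winlogon.scr
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Nam\LOCALS~1\Temp\b.exe
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll (file missing)
O21 - SSODL: vtqnxfko - {5F58FF1B-BEEE-4255-8F83-89FAE10B9185} - C:\WINDOWS\vtqnxfko.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for flag in finding["flags"]:
            print("    ->", flag)
```

Run as a script it prints the flagged lines with their reasons; `triage()` returns the findings as a list, so the same checks can be applied to a full log read from disk and the clean entries (iTunesHelper, winlogon.exe from System32, Explorer.EXE from the system root) drop out of the output.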

Re: I can feel a virus lurking in the system.

Post by Dr Jay on Thu Sep 24, 2009 9:20 am

Hi

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 13717
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302127
Likes: 10


Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Thu Sep 24, 2009 11:55 pm

ComboFix 09-09-23.02 - Nam 09/24/2009 16:29.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2029.1339 [GMT -7:00]
Running from: c:\documents and settings\Nam\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Nam\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Nam\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Nam\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\Installer\20550.msi
c:\windows\Installer\235e054.msi
c:\windows\Installer\8d421.msi
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp.reg
c:\windows\system32\win32.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-23 23:23 . 2008-03-03 21:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2009-09-23 23:08 . 2009-09-23 23:08 -------- d-----w- c:\documents and settings\Nam\Local Settings\Application Data\ESET
2009-09-23 23:00 . 2009-09-23 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-16 12:52 . 2009-09-16 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-09-15 06:20 . 2009-09-24 23:15 -------- d-----w- c:\documents and settings\Nam\Application Data\skypePM
2009-09-15 06:20 . 2009-09-15 06:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-15 06:20 . 2009-09-24 23:20 -------- d-----w- c:\documents and settings\Nam\Application Data\Skype
2009-09-15 06:19 . 2009-09-15 06:19 -------- d-----w- c:\program files\Common Files\Skype
2009-09-15 06:19 . 2009-09-15 06:20 -------- d-----r- c:\program files\Skype
2009-09-15 06:19 . 2009-09-15 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-14 00:08 . 2009-09-14 00:08 225280 ----a-w- c:\windows\system32\HKDown1.dll
2009-09-14 00:08 . 2009-09-14 00:08 282624 ----a-w- c:\windows\system32\lsuninst.exe
2009-09-14 00:08 . 2009-09-14 00:08 49152 ----a-w- c:\windows\system32\hCabUtil.dll
2009-09-13 23:45 . 2009-09-13 23:45 -------- d-----w- c:\program files\HAURI
2009-09-13 23:43 . 2009-09-13 23:43 -------- d-----w- C:\goodi
2009-09-13 23:29 . 2009-09-13 23:29 -------- d-----w- c:\program files\goodi
2009-09-12 18:09 . 2009-09-12 18:09 -------- d-----w- c:\program files\AmitySource
2009-09-11 00:00 . 2009-09-11 00:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-08 17:20 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 22:48 . 2009-09-06 23:31 -------- d-----w- C:\My Recordings
2009-09-06 22:47 . 2009-09-06 22:47 -------- d-----w- c:\program files\FREE Hi-Q Recorder
2009-09-03 04:29 . 2009-03-16 21:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-08-28 05:22 . 2009-08-28 05:35 -------- d-----w- c:\program files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 23:30 . 2009-07-05 01:25 -------- d-----w- c:\documents and settings\Nam\Application Data\DNA
2009-09-24 23:10 . 2009-07-05 01:25 -------- d-----w- c:\program files\DNA
2009-09-24 22:14 . 2008-08-06 01:03 -------- d-----w- c:\program files\Steam
2009-09-24 21:51 . 2008-03-13 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 21:39 . 2008-02-07 04:06 -------- d-----w- c:\documents and settings\Nam\Application Data\Xfire
2009-09-22 04:35 . 2008-01-25 21:01 74624 ----a-w- c:\documents and settings\Nam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 03:46 . 2008-12-27 22:56 256 ----a-w- c:\windows\system32\pool.bin
2009-09-21 19:38 . 2008-02-07 04:06 -------- d-----w- c:\program files\Xfire
2009-09-20 10:51 . 2009-01-16 07:21 -------- d-----w- c:\documents and settings\Nam\Application Data\LimeWire
2009-09-19 05:58 . 2008-01-25 19:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 12:52 . 2008-12-27 22:56 -------- d-----w- c:\documents and settings\Nam\Application Data\Research In Motion
2009-09-16 12:52 . 2008-12-27 22:17 -------- d-----w- c:\program files\Research In Motion
2009-09-14 22:07 . 2008-06-15 05:32 -------- d-----w- c:\program files\pointshock
2009-09-13 03:10 . 2008-01-25 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-09-13 03:03 . 2008-01-25 20:31 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-13 03:03 . 2008-01-25 20:31 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-08 20:21 . 2008-06-15 04:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 06:56 . 2009-08-08 03:44 -------- d-----w- c:\program files\Paradox Interactive
2009-09-06 17:46 . 2008-02-01 20:49 -------- d-----w- c:\documents and settings\Nam\Application Data\uTorrent
2009-08-27 21:45 . 2009-08-24 19:10 -------- d-----w- c:\program files\LucasArts
2009-08-23 18:01 . 2009-08-20 04:56 -------- d-----w- c:\documents and settings\Nam\Application Data\Hamachi
2009-08-20 04:55 . 2009-08-20 04:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-19 20:25 . 2009-08-19 20:25 -------- d-----w- c:\documents and settings\Nam\Application Data\TortoiseSVN
2009-08-19 20:01 . 2009-08-19 20:01 -------- d-----w- c:\documents and settings\Nam\Application Data\Subversion
2009-08-19 19:50 . 2009-08-19 19:50 -------- d-----w- c:\program files\TortoiseSVN
2009-08-19 19:50 . 2009-08-19 19:50 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-17 16:10 . 2008-11-30 23:08 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-30 23:09 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-30 23:09 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-30 23:09 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-30 23:09 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-30 23:09 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-30 23:09 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-30 23:09 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-30 23:09 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 02:51 . 2009-08-08 02:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-08 02:51 . 2009-08-08 02:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 05:39 . 2008-01-26 09:35 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-04 07:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 19:26 . 2009-07-29 19:26 -------- d-----w- c:\program files\Lionhead Studios
2009-07-28 22:54 . 2009-07-28 22:54 -------- d-----w- c:\program files\Angry IP Scanner
2009-07-26 20:30 . 2009-07-26 20:30 522 ----a-w- c:\windows\eReg.dat
2009-07-25 12:23 . 2008-12-06 18:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 07:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 07:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 20:09 . 2008-02-01 23:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-12 05:15 . 2009-05-12 05:15 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-07-05 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-09-17 16132608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2009-06-04 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Creative\\AudioCS\\CTAudCS.exe"=
"c:\\Program Files\\Net Tools\\CPU.exe"=
"c:\\Program Files\\Creative\\Console Launcher\\ConsoLCu.exe"=
"c:\\Program Files\\Creative\\MediaSource5\\AudCvtu.exe"=
"c:\\Program Files\\Creative\\MediaSource\\Wizard\\AudioCvt\\AudioCvt.exe"=
"c:\\Program Files\\Creative\\DVDAudio\\CTDVDA.exe"=
"c:\\Program Files\\Creative\\WaveStudio 7\\CTWave.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\daemon.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry\\DesktopMgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Neowiz\\Pmang\\Launcher\\PIS.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW®.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp®.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\dystopia\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red faction guerrilla\\rfg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\RedFaction\\RedFaction.exe"=
"c:\\Games\\RedFaction\\RF.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5555:TCP"= 5555:TCP:joshua
"5556:TCP"= 5556:TCP:joshua
"5557:TCP"= 5557:TCP:joshua

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/30/2008 4:09 PM 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 AM 33800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/30/2008 4:09 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/12/2009 7:43 PM 55152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/20/2009 4:04 PM 24652]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/7/2008 10:27 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\ProDefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [5/11/2009 10:15 PM 29584]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Nam\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\documents and settings\Nam\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2/19/2008 4:07 PM 11385]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2/19/2008 4:07 PM 169109]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva073;XDva073;\??\c:\windows\system32\XDva073.sys --> c:\windows\system32\XDva073.sys [?]
S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-03-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4229394492.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56]

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-13 05:46]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\Initech\SHTTP\InitechSHTTPInterface.10113.dll
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\Initech\SHTTP\InitechSHTTPInterface.10113.dll
DPF: {219C6039-E795-43D9-B6F4-D94E12E75204} - [You must be registered and logged in to see this link.]
DPF: {28C2B1EF-48A4-49F0-A7B5-414DB174E745} - [You must be registered and logged in to see this link.]
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - [You must be registered and logged in to see this link.]
DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} - [You must be registered and logged in to see this link.]
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - [You must be registered and logged in to see this link.]
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - [You must be registered and logged in to see this link.]
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - [You must be registered and logged in to see this link.]
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - [You must be registered and logged in to see this link.]
DPF: {A977FF0C-8757-4E76-8533-482F91946233} - [You must be registered and logged in to see this link.]
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - [You must be registered and logged in to see this link.]
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Nam\Application Data\Mozilla\Firefox\Profiles\8n163p8v.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Nam\Application Data\Mozilla\Firefox\Profiles\8n163p8v.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-pointshock - c:\program files\pointshock\pointshock.exe
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Nam\Desktop\HijackThis.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
AddRemove-{eeb86aef-4a5d-4b75-9d74-f16d438fc286} - c:\program files\PremierOpinion\pmropn.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-24 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*¬qČ]
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:00,00,00,00

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{635D3982-6D6D-D866-0435-94556D2769F3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abajcegbdgmniocfafpdhfdikmjadckioo"=hex:66,62,61,6a,70,62,6c,69,6f,66,66,65,
64,69,6e,62,6a,63,6c,67,6d,62,61,64,6b,6b,6c,68,66,65,6a,68,65,67,6e,64,64,\
"bbajcegbdgmniocfaficijmiiamdholfoefg"=hex:61,62,70,6b,70,6b,63,6c,6b,63,67,61,
6c,68,62,6d,61,70,68,64,6b,6d,6a,6e,6b,6d,70,65,65,61,70,70,70,6f,00,64

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,30,4b,86,55,cb,6a,20,e3,40,1d,71,89,f1,d7,9f,e0,a0,c1,68,87,7f,7c,
84,31,ef,2c,26,5d,55,b1,72,3b,81,65,c3,3a,14,b8,8e,08,c2,3c,4c,7f,f9,ac,f6,\
"??"=hex:6b,de,f0,2f,02,08,e6,24,d2,c0,7f,59,78,49,c0,4c

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:91,a5,62,bb,07,7d,7b,40,07,f6,75,3d,57,95,da,1f,78,72,44,6d,27,
1e,8a,fd,85,c5,98,a5,94,89,86,90,13,08,f8,31,df,30,7c,d4,d8,47,2c,14,ab,e8,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(380)
c:\windows\system32\WININET.dll
c:\program files\Xfire\xfire_toucan_39183.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-24 16:43
ComboFix-quarantined-files.txt 2009-09-24 23:43

Pre-Run: 24,421,625,856 bytes free
Post-Run: 24,374,960,128 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
380 --- E O F --- 2009-09-08 20:11


Re: I can feel a virus lurking in the system.

Post by Dr Jay on Fri Sep 25, 2009 1:39 am

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\goodi
    c:\goodi

    File::
    c:\windows\winstart.bat
    c:\program files\Viewpoint\Common\ViewpointService.exe

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)




Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Fri Sep 25, 2009 1:40 am

Goodi is my stock market watch software. Will it be deleted if I go through this procedure?


Re: I can feel a virus lurking in the system.

Post by Dr Jay on Fri Sep 25, 2009 1:52 am

Hi

It looked unknown from here. Since you have a reasonable explanation for that, do this instead:

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\winstart.bat
    c:\program files\Viewpoint\Common\ViewpointService.exe

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)




Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Fri Sep 25, 2009 2:29 am

ComboFix 09-09-23.02 - Nam 09/24/2009 19:05.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2029.1301 [GMT -7:00]
Running from: c:\documents and settings\Nam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nam\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\Viewpoint\Common\ViewpointService.exe"
"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-23 23:23 . 2008-03-03 21:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2009-09-23 23:08 . 2009-09-23 23:08 -------- d-----w- c:\documents and settings\Nam\Local Settings\Application Data\ESET
2009-09-23 23:00 . 2009-09-23 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-16 12:52 . 2009-09-16 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-09-15 06:20 . 2009-09-25 01:51 -------- d-----w- c:\documents and settings\Nam\Application Data\skypePM
2009-09-15 06:20 . 2009-09-15 06:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-15 06:20 . 2009-09-25 02:14 -------- d-----w- c:\documents and settings\Nam\Application Data\Skype
2009-09-15 06:19 . 2009-09-15 06:19 -------- d-----w- c:\program files\Common Files\Skype
2009-09-15 06:19 . 2009-09-15 06:20 -------- d-----r- c:\program files\Skype
2009-09-15 06:19 . 2009-09-15 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-14 00:08 . 2009-09-14 00:08 225280 ----a-w- c:\windows\system32\HKDown1.dll
2009-09-14 00:08 . 2009-09-14 00:08 282624 ----a-w- c:\windows\system32\lsuninst.exe
2009-09-14 00:08 . 2009-09-14 00:08 49152 ----a-w- c:\windows\system32\hCabUtil.dll
2009-09-13 23:45 . 2009-09-13 23:45 -------- d-----w- c:\program files\HAURI
2009-09-13 23:43 . 2009-09-13 23:43 -------- d-----w- C:\goodi
2009-09-13 23:29 . 2009-09-13 23:29 -------- d-----w- c:\program files\goodi
2009-09-12 18:09 . 2009-09-12 18:09 -------- d-----w- c:\program files\AmitySource
2009-09-11 00:00 . 2009-09-11 00:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-08 17:20 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 22:48 . 2009-09-06 23:31 -------- d-----w- C:\My Recordings
2009-09-06 22:47 . 2009-09-06 22:47 -------- d-----w- c:\program files\FREE Hi-Q Recorder
2009-09-03 04:29 . 2009-03-16 21:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-08-28 05:22 . 2009-08-28 05:35 -------- d-----w- c:\program files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 02:19 . 2009-07-05 01:25 -------- d-----w- c:\documents and settings\Nam\Application Data\DNA
2009-09-25 01:51 . 2008-08-06 01:03 -------- d-----w- c:\program files\Steam
2009-09-25 01:49 . 2009-07-05 01:25 -------- d-----w- c:\program files\DNA
2009-09-25 01:23 . 2008-02-07 04:06 -------- d-----w- c:\documents and settings\Nam\Application Data\Xfire
2009-09-24 21:51 . 2008-03-13 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 04:35 . 2008-01-25 21:01 74624 ----a-w- c:\documents and settings\Nam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 03:46 . 2008-12-27 22:56 256 ----a-w- c:\windows\system32\pool.bin
2009-09-21 19:38 . 2008-02-07 04:06 -------- d-----w- c:\program files\Xfire
2009-09-20 10:51 . 2009-01-16 07:21 -------- d-----w- c:\documents and settings\Nam\Application Data\LimeWire
2009-09-19 05:58 . 2008-01-25 19:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 12:52 . 2008-12-27 22:56 -------- d-----w- c:\documents and settings\Nam\Application Data\Research In Motion
2009-09-16 12:52 . 2008-12-27 22:17 -------- d-----w- c:\program files\Research In Motion
2009-09-14 22:07 . 2008-06-15 05:32 -------- d-----w- c:\program files\pointshock
2009-09-13 03:10 . 2008-01-25 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-09-13 03:03 . 2008-01-25 20:31 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-13 03:03 . 2008-01-25 20:31 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-08 20:21 . 2008-06-15 04:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 06:56 . 2009-08-08 03:44 -------- d-----w- c:\program files\Paradox Interactive
2009-09-06 17:46 . 2008-02-01 20:49 -------- d-----w- c:\documents and settings\Nam\Application Data\uTorrent
2009-08-27 21:45 . 2009-08-24 19:10 -------- d-----w- c:\program files\LucasArts
2009-08-23 18:01 . 2009-08-20 04:56 -------- d-----w- c:\documents and settings\Nam\Application Data\Hamachi
2009-08-20 04:55 . 2009-08-20 04:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-19 20:25 . 2009-08-19 20:25 -------- d-----w- c:\documents and settings\Nam\Application Data\TortoiseSVN
2009-08-19 20:01 . 2009-08-19 20:01 -------- d-----w- c:\documents and settings\Nam\Application Data\Subversion
2009-08-19 19:50 . 2009-08-19 19:50 -------- d-----w- c:\program files\TortoiseSVN
2009-08-19 19:50 . 2009-08-19 19:50 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-17 16:10 . 2008-11-30 23:08 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-30 23:09 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-30 23:09 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-30 23:09 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-30 23:09 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-30 23:09 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-30 23:09 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-30 23:09 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-30 23:09 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 02:51 . 2009-08-08 02:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-08 02:51 . 2009-08-08 02:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 05:39 . 2008-01-26 09:35 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-04 07:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 19:26 . 2009-07-29 19:26 -------- d-----w- c:\program files\Lionhead Studios
2009-07-28 22:54 . 2009-07-28 22:54 -------- d-----w- c:\program files\Angry IP Scanner
2009-07-26 20:30 . 2009-07-26 20:30 522 ----a-w- c:\windows\eReg.dat
2009-07-25 12:23 . 2008-12-06 18:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 07:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 07:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 20:09 . 2008-02-01 23:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-25 01:49 . 2009-09-25 01:49 16384 c:\windows\Temp\Perflib_Perfdata_608.dat
- 2009-09-24 23:10 . 2009-09-24 23:10 16384 c:\windows\Temp\Perflib_Perfdata_608.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-07-05 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-09-17 16132608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2009-06-04 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Creative\\AudioCS\\CTAudCS.exe"=
"c:\\Program Files\\Net Tools\\CPU.exe"=
"c:\\Program Files\\Creative\\Console Launcher\\ConsoLCu.exe"=
"c:\\Program Files\\Creative\\MediaSource5\\AudCvtu.exe"=
"c:\\Program Files\\Creative\\MediaSource\\Wizard\\AudioCvt\\AudioCvt.exe"=
"c:\\Program Files\\Creative\\DVDAudio\\CTDVDA.exe"=
"c:\\Program Files\\Creative\\WaveStudio 7\\CTWave.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\daemon.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry\\DesktopMgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Neowiz\\Pmang\\Launcher\\PIS.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW®.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp®.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\dystopia\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\khmerrouge2202\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\RedFaction\\RedFaction.exe"=
"c:\\Games\\RedFaction\\RF.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5555:TCP"= 5555:TCP:joshua
"5556:TCP"= 5556:TCP:joshua
"5557:TCP"= 5557:TCP:joshua

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/30/2008 4:09 PM 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 AM 33800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/30/2008 4:09 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/12/2009 7:43 PM 55152]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/7/2008 10:27 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\ProDefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [5/11/2009 10:15 PM 29584]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Nam\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\documents and settings\Nam\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2/19/2008 4:07 PM 11385]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2/19/2008 4:07 PM 169109]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva073;XDva073;\??\c:\windows\system32\XDva073.sys --> c:\windows\system32\XDva073.sys [?]
S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-03-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4229394492.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56]

2009-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-13 05:46]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\Initech\SHTTP\InitechSHTTPInterface.10113.dll
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\Initech\SHTTP\InitechSHTTPInterface.10113.dll
DPF: {219C6039-E795-43D9-B6F4-D94E12E75204} - [You must be registered and logged in to see this link.]
DPF: {28C2B1EF-48A4-49F0-A7B5-414DB174E745} - [You must be registered and logged in to see this link.]
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - [You must be registered and logged in to see this link.]
DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} - [You must be registered and logged in to see this link.]
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - [You must be registered and logged in to see this link.]
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - [You must be registered and logged in to see this link.]
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - [You must be registered and logged in to see this link.]
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - [You must be registered and logged in to see this link.]
DPF: {A977FF0C-8757-4E76-8533-482F91946233} - [You must be registered and logged in to see this link.]
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - [You must be registered and logged in to see this link.]
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Nam\Application Data\Mozilla\Firefox\Profiles\8n163p8v.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Nam\Application Data\Mozilla\Firefox\Profiles\8n163p8v.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-24 19:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*¬qČ]
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:00,00,00,00

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{635D3982-6D6D-D866-0435-94556D2769F3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abajcegbdgmniocfafpdhfdikmjadckioo"=hex:66,62,61,6a,70,62,6c,69,6f,66,66,65,
64,69,6e,62,6a,63,6c,67,6d,62,61,64,6b,6b,6c,68,66,65,6a,68,65,67,6e,64,64,\
"bbajcegbdgmniocfaficijmiiamdholfoefg"=hex:61,62,70,6b,70,6b,63,6c,6b,63,67,61,
6c,68,62,6d,61,70,68,64,6b,6d,6a,6e,6b,6d,70,65,65,61,70,70,70,6f,00,64

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,30,4b,86,55,cb,6a,20,e3,40,1d,71,89,f1,d7,9f,e0,a0,c1,68,87,7f,7c,
84,31,ef,2c,26,5d,55,b1,72,3b,81,65,c3,3a,14,b8,8e,08,c2,3c,4c,7f,f9,ac,f6,\
"??"=hex:6b,de,f0,2f,02,08,e6,24,d2,c0,7f,59,78,49,c0,4c

[HKEY_USERS\S-1-5-21-682003330-1580818891-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:91,a5,62,bb,07,7d,7b,40,07,f6,75,3d,57,95,da,1f,78,72,44,6d,27,
1e,8a,fd,85,c5,98,a5,94,89,86,90,13,08,f8,31,df,30,7c,d4,d8,47,2c,14,ab,e8,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
Completion time: 2009-09-25 19:24
ComboFix-quarantined-files.txt 2009-09-25 02:24
ComboFix2.txt 2009-09-24 23:43

Pre-Run: 31,969,542,144 bytes free
Post-Run: 32,032,579,584 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
336 --- E O F --- 2009-09-08 20:11

hotchicken33 (Novice)
Posts: 15 | Joined: 2009-09-23 | Gender: Female | OS: windows XP | Points: 26335 | Likes: 0
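A ComboFix log of this length is normally read by eye. As an added example (not part of this thread, and not code from ComboFix or any tool mentioned here), the Python below parses the service lines and the GloballyOpenPorts section using the line format visible in the log above, and lists the entries a reviewer would check first: services whose file ComboFix did not verify (the `[?]` marker), kernel drivers registered from a path inside a user profile, and inbound firewall exceptions. The sample lines are copied from the log above; the severity labels, and the reading of `[?]` as "file could not be found at scan time", are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the ComboFix service
# and GloballyOpenPorts sections posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5555:TCP"= 5555:TCP:joshua

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/30/2008 4:09 PM 114768]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [5/11/2009 10:15 PM 29584]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Nam\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\documents and settings\Nam\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
"""


@dataclass
class Service:
    start: str      # ComboFix start-type prefix: R1-R3 = running, S2/S3 = stopped
    name: str
    image: str      # path ComboFix resolved for the service binary or driver
    verified: bool  # False when the line ends in "[?]" instead of "[date size]"


@dataclass
class OpenPort:
    port: int
    proto: str
    label: str      # exception name stored in the firewall policy


SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')


def parse_services(log: str) -> List[Service]:
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").rstrip()
        verified = not rest.endswith("[?]")
        # Unverified entries are written as "<raw path> --> <resolved path> [?]";
        # keep the resolved path and drop the trailing " [date size]" / " [?]" field.
        image = rest.split("-->")[-1].rsplit(" [", 1)[0].strip().strip('"')
        if image.startswith("\\??\\"):
            image = image[4:]
        services.append(Service(m.group("start"), m.group("name"), image, verified))
    return services


def parse_open_ports(log: str) -> List[OpenPort]:
    ports = []
    for line in log.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            ports.append(OpenPort(int(m.group("port")), m.group("proto"), m.group("label")))
    return ports


# Directories a local user can write to without administrator rights (assumption).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs for entries a reviewer should look at first."""
    findings = []
    for svc in parse_services(log):
        low = svc.image.lower()
        if not svc.verified:
            findings.append(("medium", f"service {svc.name}: ComboFix did not verify {svc.image} on disk ([?])"))
        if low.endswith(".sys") and any(mk in low for mk in USER_PROFILE_MARKERS):
            findings.append(("high", f"service {svc.name}: kernel driver registered from a user profile path ({svc.image})"))
    for p in parse_open_ports(log):
        if p.port == 3389 and p.proto == "TCP":
            findings.append(("medium", "firewall: 3389/TCP (Remote Desktop) is open to inbound connections"))
        else:
            findings.append(("low", f"firewall: inbound {p.port}/{p.proto} opened by exception '{p.label}'"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {msg}")
```

Run it against a full ComboFix log by replacing `SAMPLE_LOG` with the file contents; the parser only reacts to the two line shapes shown, so the rest of the log passes through untouched.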

Re: I can feel a virus lurking in the system.

Post by Dr Jay on Fri Sep 25, 2009 5:06 am

Hi

I see you are running a P2P application. I suggest reading the following, and then decide whether you want to keep it or not: [You must be registered and logged in to see this link.]

==

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)

Dr Jay (Head Administrator)
Posts: 13717 | Joined: 2009-09-06 | Gender: Male | OS: Windows 10 Home & Pro | Protection: Bitdefender Total Security | Points: 302127 | Likes: 10

Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Fri Sep 25, 2009 9:02 am

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.1.2600 Service Pack 3

9/25/2009 1:24:25 AM
mbam-log-2009-09-25 (01-24-25).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 367364
Time elapsed: 2 hour(s), 47 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\uncashplus (Adware.Modguide) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Nam\My Documents\SonyVegas\Sony Vegas 7 + Working Keygen (CLEAN)\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nam\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: I can feel a virus lurking in the system.

Post by Dr Jay on Fri Sep 25, 2009 5:54 pm

C:\Documents and Settings\Nam\My Documents\SonyVegas\Sony Vegas 7 + Working Keygen (CLEAN)\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Hi

What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

I have been questioned many times on why these things are bad. I will tell you that they are one of the top distributors of malware, and are rarely safe.

Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware." Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal.

==

Please download DDS by sUBs from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


Dr. Jay (DJ)


Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Fri Sep 25, 2009 10:57 pm

DDS (Ver_09-09-24.01) - NTFSx86
Run by Nam at 13:50:32.12 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2029.1293 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 090925-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Nam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTDVDDET] "c:\program files\creative\dvdaudio\CTDVDDET.EXE"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\nam\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\heroes of might and magic v\registration\RegistrationReminder.exe
StartupFolder: c:\docume~1\nam\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - [You must be registered and logged in to see this link.]
DPF: {219C6039-E795-43D9-B6F4-D94E12E75204} - [You must be registered and logged in to see this link.]
DPF: {28C2B1EF-48A4-49F0-A7B5-414DB174E745} - [You must be registered and logged in to see this link.]
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - [You must be registered and logged in to see this link.]
DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - [You must be registered and logged in to see this link.]
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - [You must be registered and logged in to see this link.]
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - [You must be registered and logged in to see this link.]
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - [You must be registered and logged in to see this link.]
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - [You must be registered and logged in to see this link.]
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - [You must be registered and logged in to see this link.]
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - [You must be registered and logged in to see this link.]
DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} - [You must be registered and logged in to see this link.]
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - [You must be registered and logged in to see this link.]
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - [You must be registered and logged in to see this link.]
DPF: {A977FF0C-8757-4E76-8533-482F91946233} - [You must be registered and logged in to see this link.]
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - [You must be registered and logged in to see this link.]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [You must be registered and logged in to see this link.]
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - [You must be registered and logged in to see this link.]
DPF: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} - [You must be registered and logged in to see this link.]
DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} - [You must be registered and logged in to see this link.]
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - [You must be registered and logged in to see this link.]
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nam\applic~1\mozilla\firefox\profiles\8n163p8v.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\nam\application data\mozilla\firefox\profiles\8n163p8v.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-30 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-30 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-30 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-12 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-30 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-30 352920]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-10-7 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\prodefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-5-11 29584]
S3 Revolution1;Revolution1;\??\c:\documents and settings\nam\desktop\gb\revolution_engine_8.3_shak3\shak3.sys --> c:\documents and settings\nam\desktop\gb\revolution_engine_8.3_shak3\SHAK3.sys [?]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2008-2-19 11385]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2008-2-19 169109]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva073;XDva073;\??\c:\windows\system32\xdva073.sys --> c:\windows\system32\XDva073.sys [?]
S3 XDva076;XDva076;\??\c:\windows\system32\xdva076.sys --> c:\windows\system32\XDva076.sys [?]

=============== Created Last 30 ================

2009-09-24 22:23 --d----- c:\docume~1\nam\applic~1\Malwarebytes
2009-09-24 22:23 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 22:23 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-24 22:23 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-24 22:23 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 19:03 --d----- C:\ComboFix
2009-09-24 15:45 a-dshr-- C:\cmdcons
2009-09-24 15:44 229,888 a------- c:\windows\PEV.exe
2009-09-24 15:44 161,792 a------- c:\windows\SWREG.exe
2009-09-24 15:44 98,816 a------- c:\windows\sed.exe
2009-09-23 19:34 472,007 a----r-- C:\txtsetup.sif
2009-09-23 19:34 260,272 a----r-- C:\$LDR$
2009-09-23 19:33 --d----- c:\windows\setup.pss
2009-09-23 16:23 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-09-16 05:52 --d----- c:\docume~1\alluse~1\applic~1\Research In Motion
2009-09-14 23:20 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-09-14 23:19 --d--r-- c:\program files\Skype
2009-09-13 17:08 225,280 a------- c:\windows\system32\HKDown1.dll
2009-09-13 17:08 282,624 a------- c:\windows\system32\lsuninst.exe
2009-09-13 17:08 49,152 a------- c:\windows\system32\hCabUtil.dll
2009-09-13 16:45 --d----- c:\program files\HAURI
2009-09-13 16:43 --d----- C:\goodi
2009-09-13 16:29 --d----- c:\program files\goodi
2009-09-12 20:08 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-09-12 20:08 1,080 a------- c:\windows\system32\settings.sfm
2009-09-12 11:09 --d----- c:\program files\AmitySource
2009-09-10 17:00 41,872 a------- c:\windows\system32\xfcodec.dll
2009-09-08 10:20 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-06 15:48 --d----- C:\My Recordings
2009-09-06 15:47 --d----- c:\program files\FREE Hi-Q Recorder
2009-09-02 21:29 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-08-27 22:22 --d----- c:\program files\Audacity

==================== Find3M ====================

2009-09-12 20:03 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-09-12 20:03 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-08-19 21:55 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-03-29 02:05 22,328 a------- c:\docume~1\nam\applic~1\PnkBstrK.sys

============= FINISH: 13:51:07.42 ===============

hotchicken33
Novice

Posts : 15
Joined : 2009-09-23
Gender : Female
OS : windows XP
Points : 26335
# Likes : 0

Re: I can feel a virus lurking in the system.

Post by Dr Jay on Sat Sep 26, 2009 2:14 am

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
# Likes : 10

Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Sat Sep 26, 2009 6:44 am

Malwarebytes' Anti-Malware 1.41
Database version: 2861
Windows 5.1.2600 Service Pack 3

9/25/2009 11:44:10 PM
mbam-log-2009-09-25 (23-44-10).txt

Scan type: Quick Scan
Objects scanned: 107607
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: I can feel a virus lurking in the system.

Post by Dr Jay on Sat Sep 26, 2009 10:44 am

Hi

Hooray! Your computer is clean.

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)




Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Sat Sep 26, 2009 9:01 pm

THANK YOU FOR THE HELP.


Re: I can feel a virus lurking in the system.

Post by hotchicken33 on Sat Sep 26, 2009 9:08 pm

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


Re: I can feel a virus lurking in the system.

Post by Dr Jay on Sat Sep 26, 2009 9:29 pm

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by a 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



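The HOSTS-file item in Dr Jay's "Securing your computer" list describes a file that points known ad and malware sites at the loopback address 127.0.0.1. The same file is also a favourite target of the kind of infection this thread is about: an entry that sends an antivirus vendor's update host to loopback, or an update host to some other address, is a common sign of tampering. The following is an added example, not code from this thread, from GeekPolice or from the HOSTS tool the post links. It parses a HOSTS file and separates ordinary blocking entries from entries that sink-hole or redirect names on a watch-list. The PROTECTED_SUFFIXES watch-list and the SAMPLE_HOSTS content are constructed for the example.

```python
"""Audit a Windows HOSTS file for blocking entries and suspicious redirects.

Added example for the thread above; not code from the thread or from the
HOSTS-file tool the post links. A protective HOSTS file maps ad and malware
domains to 127.0.0.1 (or 0.0.0.0). Malware uses the same file the other way
round: it points security vendors' update domains at loopback so updates fail,
or at a server it controls. This auditor tells the two cases apart.
"""
import ipaddress
from typing import Dict, List, Tuple

# Addresses that sink-hole a name rather than redirect it anywhere real.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that map to loopback in a stock HOSTS file and are never suspicious.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Hypothetical watch-list (an assumption, not from the thread): domains a user
# would never want sink-holed or re-pointed. A real list holds the machine's own
# antivirus vendor, OS update hosts, bank and mail providers.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avast.com", "malwarebytes.org")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from HOSTS-file text.

    Comments (#), blank lines and lines whose first field is not an IP address
    are skipped, which matches how the resolver treats them.
    """
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and whole-line comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)  # accepts IPv4 and IPv6 literals
        except ValueError:
            continue
        for name in names:
            pairs.append((ip, name.lower().rstrip(".")))
    return pairs


def is_protected(name: str) -> bool:
    """True if name is, or is a subdomain of, a protected suffix."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> Dict[str, list]:
    """Classify every HOSTS entry.

    blocked    - ordinary sink-hole entries (what a protective HOSTS file adds)
    suspicious - protected names sink-holed or redirected: (ip, name, reason)
    redirects  - other names pointed at a real address; worth a look but often
                 legitimate (dev/test hosts, LAN names)
    """
    report: Dict[str, list] = {"blocked": [], "suspicious": [], "redirects": []}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        sinkholed = ip in SINKHOLE_ADDRESSES
        if is_protected(name):
            reason = "update/vendor domain sink-holed" if sinkholed else "protected domain redirected"
            report["suspicious"].append((ip, name, reason))
        elif sinkholed:
            report["blocked"].append(name)
        else:
            report["redirects"].append((ip, name))
    return report


# Constructed sample: the example.* names and the 203.0.113.7 address
# (TEST-NET-3 range) are illustrative, not real observations.
SAMPLE_HOSTS = """\
# Constructed HOSTS file for the audit example
127.0.0.1       localhost
::1             localhost
127.0.0.1   ads.example.com          # typical blocklist entry
0.0.0.0     tracker.example.net      # some lists sink-hole to 0.0.0.0 instead
127.0.0.1   www.avast.com            # an antivirus vendor pointed at loopback
203.0.113.7 windowsupdate.microsoft.com   # update host re-pointed elsewhere
192.168.1.20 build.example.org       # LAN name: a redirect, but probably fine
this is not a hosts entry
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for category, entries in result.items():
        print(f"{category}:")
        for entry in entries:
            print("   ", entry)
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts, so `audit_hosts(open(path).read())` runs the same check over a real file. Anything in the `suspicious` list deserves attention even when the antivirus reports the machine clean: a sink-holed update host explains an antivirus that silently stops updating, and a redirected one means name resolution for that domain is no longer under the user's control.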
