Personal Guard 2009 really making me mad


Personal Guard 2009 really making me mad

Post by Bashcc73 on Sat Oct 31, 2009 6:12 pm

Hi, new to these forums. I've been trying the methods you have recommended to others to no avail. I have tried & tried & tried to use Malwarebytes but it won't load up. I've renamed the .exe file also with no results. I don't have the $$ to buy a pricey malware remover, and this is my only computer. Any help wo7uld be greatly appreciated.

I've tried the manual removal but that doesn't seem to help either. I am not an IT guy, so most of it seems Greek to me, so a simple (as simple as possible) solution would be helpful.

Also just noticed my 7 keeps typing itself ... that can't be good ....

Bashcc73
Novice

Posts : 16
Joined : 2009-10-31
Gender : Male
OS : XP

Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Sat Oct 31, 2009 6:22 pm

Sorry to double post, but I also did get HijackThis to run, here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:18 PM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\winsc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
O1 - Hosts: vav2008.com 217.20.175.74
O1 - Hosts: scanner.vavscan.com 217.20.175.74
O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
O1 - Hosts: scan.vavscan.com 217.20.175.74
O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: .com
O1 - Hosts: 217.20.175.74 scanner.vavscan.com
O1 - Hosts: 217.20.175.74 [You must be registered and logged in to see this link.]
O1 - Hosts: 217.20.175.74 [You must be registered and logged in to see this link.]
O1 - Hosts: 217.20.175.74 scan.vavscan.com
O1 - Hosts: 217.20.175.74 [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {6B1A7719-F15B-4B55-943C-9A29A322EE66} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [c8d7999a] rundll32.exe "C:\WINDOWS\system32\lelehaku.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fumegaliv] Rundll32.exe "c:\windows\system32\pilabuma.dll",a
O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Owner\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [GetPack24] "C:\Program Files\GetPack\GetPack24.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [turuzefobe] Rundll32.exe "C:\WINDOWS\system32\hedizeji.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [turuzefobe] Rundll32.exe "C:\WINDOWS\system32\hedizeji.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Backyard Hockey 2005 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{7D775E8E-9DCA-46F5-9F44-3365910C1BEA}\{C26EC80A-99D1-4142-BBD0-E8EE92DB8DF7}\ATR1.EXE
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\wirenotu.dll C:\WINDOWS\system32\rosoyovi.dll c:\windows\system32\lunuhofu.dll nugubafe.dll c:\windows\system32\pilabuma.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: efcbbArR - efcbbArR.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O21 - SSODL: vanihilih - {5e1dc517-df2c-4eab-a2e5-a0d4f875a26f} - (no file)
O21 - SSODL: SysNet - {42368EF6-DE1E-4C84-B238-D7A6037E69C6} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
O21 - SSODL: yibelotew - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {5e1dc517-df2c-4eab-a2e5-a0d4f875a26f} - (no file)
O22 - SharedTaskScheduler: gahurihor - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9b7eebc5c3ed2) (gupdate1c9b7eebc5c3ed2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13523 bytes


Re: Personal Guard 2009 really making me mad

Post by Belahzur on Sat Oct 31, 2009 8:12 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: Shell=Explorer.exe logon.exe
    O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
    O1 - Hosts: vav2008.com 217.20.175.74
    O1 - Hosts: scanner.vavscan.com 217.20.175.74
    O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
    O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
    O1 - Hosts: scan.vavscan.com 217.20.175.74
    O1 - Hosts: [You must be registered and logged in to see this link.] 217.20.175.74
    O1 - Hosts: 82.98.231.89 url.adtrgt.com
    O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
    O1 - Hosts: .com
    O1 - Hosts: 217.20.175.74 scanner.vavscan.com
    O1 - Hosts: 217.20.175.74 [You must be registered and logged in to see this link.]
    O1 - Hosts: 217.20.175.74 [You must be registered and logged in to see this link.]
    O1 - Hosts: 217.20.175.74 scan.vavscan.com
    O1 - Hosts: 217.20.175.74 [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - {6B1A7719-F15B-4B55-943C-9A29A322EE66} - (no file)
    O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - (no file)
    O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - (no file)
    O4 - HKLM\..\Run: [c8d7999a] rundll32.exe "C:\WINDOWS\system32\lelehaku.dll",b
    O4 - HKLM\..\Run: [fumegaliv] Rundll32.exe "c:\windows\system32\pilabuma.dll",a
    O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Owner\Application Data\Twain\Twain.exe
    O4 - HKCU\..\Run: [GetPack24] "C:\Program Files\GetPack\GetPack24.exe"
    O4 - HKUS\S-1-5-19\..\Run: [turuzefobe] Rundll32.exe "C:\WINDOWS\system32\hedizeji.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [turuzefobe] Rundll32.exe "C:\WINDOWS\system32\hedizeji.dll",s (User 'NETWORK SERVICE')
    O4 - Startup: desktop(2).ini
    O4 - Startup: desktop(3).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: desktop(3).ini
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O20 - AppInit_DLLs: c:\windows\system32\wirenotu.dll C:\WINDOWS\system32\rosoyovi.dll c:\windows\system32\lunuhofu.dll nugubafe.dll c:\windows\system32\pilabuma.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: efcbbArR - efcbbArR.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O21 - SSODL: vanihilih - {5e1dc517-df2c-4eab-a2e5-a0d4f875a26f} - (no file)
    O21 - SSODL: SysNet - {42368EF6-DE1E-4C84-B238-D7A6037E69C6} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
    O21 - SSODL: yibelotew - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {5e1dc517-df2c-4eab-a2e5-a0d4f875a26f} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
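The fix list above is built by reading each HijackThis line and asking whether the entry makes sense on a clean machine. As an added example (not part of this thread and not code from HijackThis, Malwarebytes or any tool recommended here), the script below parses the entry types the helper checked (F2 shell, O1 hosts, O2 BHOs, O4 autoruns, O20 AppInit_DLLs, O21/O22 shell-load entries) and applies defender-side heuristics: a second executable chained onto the shell, hosts entries that redirect names to a remote address instead of a local sinkhole, rundll32 autoruns that call a single-letter export, a populated AppInit_DLLs value, registrations whose file is gone, and a DLL that shows up in more than one autostart section. The SAMPLE_LOG is a constructed excerpt of the log posted earlier in this thread; the regexes and thresholds are my own assumptions, not HijackThis rules.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from collections import defaultdict

HOSTS_BENIGN = {"127.0.0.1", "0.0.0.0", "::1"}  # local sinkholes are normal in a hosts file
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DLL_NAME = re.compile(r"([\w-]+\.dll)\b", re.IGNORECASE)
# rundll32 loading a DLL and calling a single-letter export (",a" / ",b" / ",s") - assumption
RUNDLL_SHORT_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,([A-Za-z])\b', re.IGNORECASE)
ENTRY = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")

# Constructed sample: lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O1 - Hosts: vav2008.com 217.20.175.74
O1 - Hosts: scanner.vavscan.com 217.20.175.74
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: .com
O2 - BHO: (no name) - {6B1A7719-F15B-4B55-943C-9A29A322EE66} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [c8d7999a] rundll32.exe "C:\WINDOWS\system32\lelehaku.dll",b
O4 - HKUS\S-1-5-19\..\Run: [turuzefobe] Rundll32.exe "C:\WINDOWS\system32\hedizeji.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\wirenotu.dll C:\WINDOWS\system32\rosoyovi.dll
O20 - Winlogon Notify: efcbbArR - efcbbArR.dll (file missing)
O21 - SSODL: yibelotew - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll
O22 - SharedTaskScheduler: gahurihor - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll
"""


def parse_line(line):
    """Return (section, body) for a HijackThis entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def hosts_fields(body):
    """Split 'Hosts: a b' into (ip, hostname); (None, None) when the entry is malformed."""
    fields = body.split(":", 1)[1].split()
    if len(fields) != 2:
        return None, None
    ip = next((f for f in fields if IPV4.match(f)), None)
    host = None if ip is None else (fields[0] if fields[1] == ip else fields[1])
    return ip, host


def check_entry(section, body):
    """Apply one heuristic per section type; return a reason string or None."""
    if section == "F2" and "Shell=" in body:
        extra = [s for s in body.split("Shell=", 1)[1].split() if s.lower() != "explorer.exe"]
        if extra:
            return "extra executable chained onto the shell: " + " ".join(extra)
    elif section == "O1":
        ip, _ = hosts_fields(body)
        if ip is None:
            return "malformed hosts entry"
        if ip not in HOSTS_BENIGN:
            return f"hosts file redirects a name to remote address {ip}"
    elif section == "O4" and RUNDLL_SHORT_EXPORT.search(body):
        return "rundll32 autorun calling a single-letter DLL export"
    elif section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        return "AppInit_DLLs populated (loaded into every process that links user32)"
    if "(no file)" in body or "(file missing)" in body:
        return "registration points at a file that no longer exists"
    return None


def triage(log_text):
    """Flag suspicious entries, then any DLL registered in more than one autostart section."""
    findings, dll_sections = [], defaultdict(set)
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        reason = check_entry(section, body)
        if reason:
            findings.append((raw.strip(), reason))
        if section in {"O2", "O4", "O20", "O21", "O22"}:
            for dll in DLL_NAME.findall(body):
                dll_sections[dll.lower()].add(section)
    for dll, sections in sorted(dll_sections.items()):
        if len(sections) > 1:
            findings.append((dll, "same DLL registered in sections " + ", ".join(sorted(sections))))
    return findings


def redirect_targets(log_text):
    """Group the hostnames that O1 entries send to each non-local address."""
    targets = defaultdict(set)
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed and parsed[0] == "O1":
            ip, host = hosts_fields(parsed[1])
            if ip and ip not in HOSTS_BENIGN:
                targets[ip].add(host)
    return {ip: sorted(hosts) for ip, hosts in targets.items()}


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {line}")
    for ip, hosts in redirect_targets(SAMPLE_LOG).items():
        print(f"{ip} <- {', '.join(hosts)}")
```

The cross-section check is the one that matters most for reading logs like this: pilabuma.dll appears under O4, O20, O21 and O22 in the posted log, which is why every one of those lines is in the fix list rather than just the autorun. The rundll32 rule deliberately ignores NvCpl.dll,NvStartup and similar named exports, so the legitimate NVIDIA entries are left alone.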


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Sat Oct 31, 2009 9:08 pm

Did as you stated; when I try to install MBAM I get the following prompt:

Unable to execute File:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess; code2.
The system cannot find the file specified

Also reran HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:37 PM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\winsc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fumegaliv] Rundll32.exe "c:\windows\system32\pilabuma.dll",a
O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Backyard Hockey 2005 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{7D775E8E-9DCA-46F5-9F44-3365910C1BEA}\{C26EC80A-99D1-4142-BBD0-E8EE92DB8DF7}\ATR1.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\pilabuma.dll,nugubafe.dll
O21 - SSODL: yibelotew - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll
O21 - SSODL: SysNet - {E830DB69-2B91-4203-9028-99E702C0160A} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
O22 - SharedTaskScheduler: gahurihor - {6717c496-8ee3-40ce-bbbb-0daa2f7e6973} - c:\windows\system32\pilabuma.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9b7eebc5c3ed2) (gupdate1c9b7eebc5c3ed2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11512 bytes


Re: Personal Guard 2009 really making me mad

Post by Belahzur on Sun Nov 01, 2009 10:44 pm

Hello.

  • Download ComboFix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Mon Nov 02, 2009 4:17 am

ComboFix 09-10-30.01 - Owner 11/01/2009 22:43.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.467 [GMT -5]
Running from: c:\documents and settings\Owner\My Documents\My Pictures\Family\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - svchost.exe: deleted 36 bytes in 1 streams.
ADS - explorer.exe: deleted 36 bytes in 1 streams.
ADS - win32k.sys: deleted 36 bytes in 1 streams.
ADS - netcfgx.dll: deleted 36 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft AData
c:\documents and settings\All Users\Microsoft AData\sysnet.dll
c:\documents and settings\All Users\Microsoft AData\t.sid
c:\documents and settings\Owner\Application Data\FunWebProducts
c:\documents and settings\Owner\Application Data\gadcom
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Owner\Start Menu\Programs\Personal Guard 2009
c:\documents and settings\Owner\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk
c:\documents and settings\Owner\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk
c:\program files\DefenderPro AntiSpy\AntiSpy\Def\CnsMin.dsc
c:\program files\DefenderPro AntiSpy\AntiSpy\Def\CnsMin.prf
c:\program files\GetPack
c:\program files\iCheck
c:\program files\Mjcore
c:\program files\Personal Guard 2009
c:\program files\Personal Guard 2009\config.scf
c:\program files\Personal Guard 2009\mmbase.sdb
c:\program files\Personal Guard 2009\personalguard.exe
c:\program files\Personal Guard 2009\q.sdb
c:\program files\Personal Guard 2009\queue.sdb
c:\program files\Personal Guard 2009\uninstalls.exe
c:\program files\Personal Guard 2009\vvbase.sdb
c:\program files\SelectRebates
c:\recycler\S-1-5-21-3769667371-463431236-1463065611-1003
c:\windows\microsoftdef.dll
c:\windows\run.log
c:\windows\system32\AKSCJRqr.ini2
c:\windows\system32\fihatoye.dll
c:\windows\system32\fokubino.dll
c:\windows\system32\HNnnnnpo.ini
c:\windows\system32\HNnnnnpo.ini2
c:\windows\system32\kijudawi.dll
c:\windows\system32\magiduko.dll
c:\windows\system32\nugubafe.dll
c:\windows\system32\pafuvole.dll
c:\windows\system32\ukahelel.ini
c:\windows\system32\vefiniwi.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 03:37 . 2009-11-02 03:40 -------- d-----w- C:\Combo-Fix
2009-11-01 00:16 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 00:16 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 00:16 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 00:16 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\program files\Avira
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-31 20:56 . 2009-10-31 20:56 262144 ----a-w- C:\ntuser.dat
2009-10-31 20:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 20:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 20:55 . 2009-10-31 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 20:55 . 2009-10-31 20:55 30784 ----a-w- c:\windows\system32\drivers\srfzlrkp.sys
2009-10-31 19:34 . 2009-10-31 19:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-31 19:30 . 2009-10-31 19:30 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-31 19:26 . 2009-10-31 19:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-31 19:21 . 2009-10-31 19:22 -------- dc-h--w- c:\windows\ie8
2009-10-31 18:20 . 2009-10-31 18:20 -------- d-----w- c:\program files\Trend Micro
2009-10-31 03:27 . 2009-10-31 03:27 64 ----a-w- c:\windows\tsiwinfile.dat
2009-10-31 03:26 . 2009-10-31 03:26 737280 ----a-w- c:\windows\iun6002.exe
2009-10-31 03:26 . 2009-10-31 15:37 -------- d-----w- c:\program files\DefenderPro AntiSpy
2009-10-31 02:22 . 2009-10-31 02:22 -------- d-----w- C:\_OTM
2009-10-31 02:15 . 2009-10-31 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-31 02:14 . 2009-10-31 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 00:42 . 2009-10-31 00:42 382976 ----a-w- c:\windows\system32\winsc.exe
2009-10-31 00:42 . 2009-10-31 18:02 51197 ----a-w- c:\windows\spoov.exe
2009-10-31 00:42 . 2009-10-31 18:02 47872 ----a-w- c:\windows\certsystem.exe
2009-10-31 00:42 . 2009-10-31 18:02 38352 ----a-w- c:\windows\regred.exe
2009-10-31 00:42 . 2009-10-31 18:02 33149 ----a-w- c:\windows\usexplorer.exe
2009-10-31 00:42 . 2009-10-31 18:02 28320 ----a-w- c:\windows\securits.com
2009-10-30 15:00 . 2009-10-30 15:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-10-30 02:46 . 2009-10-30 20:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2009-10-27 06:11 . 2009-10-27 07:04 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-10-27 01:38 . 2009-10-27 01:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-25 23:54 . 2009-10-27 01:38 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 03:57 . 2008-07-16 08:56 -------- d-----w- c:\program files\Common Files\Akamai
2009-11-01 17:13 . 2007-09-12 07:19 -------- d-----w- c:\program files\Diablo II
2009-10-31 20:56 . 2007-01-26 18:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-10-31 19:30 . 2007-01-27 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-31 17:58 . 2009-09-16 07:50 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-10-31 15:36 . 2009-02-13 18:04 -------- d-----w- c:\program files\QuickTime
2009-10-31 15:36 . 2007-05-03 00:42 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-10-31 15:36 . 2008-07-14 03:31 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2009-10-31 15:36 . 2009-02-12 16:08 -------- d-----w- c:\program files\Xfire
2009-10-31 15:36 . 2008-01-26 20:09 -------- d-----w- c:\program files\World of Warcraft
2009-10-31 15:36 . 2006-06-09 03:24 -------- d-----w- c:\program files\AvRack
2009-10-31 15:36 . 2008-03-04 13:17 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
2009-10-31 15:36 . 2006-06-09 03:26 -------- d-----w- c:\program files\MSN Encarta Plus
2009-10-31 15:33 . 2006-06-09 03:28 -------- d-----w- c:\program files\Viewpoint
2009-10-31 06:42 . 2006-06-09 03:17 -------- d-----w- c:\program files\Google
2009-10-31 03:31 . 2007-01-31 07:57 -------- d-----w- c:\program files\Defender Pro
2009-10-31 03:03 . 2007-04-01 01:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-31 01:28 . 2009-09-07 01:01 -------- d-----w- c:\program files\Pando Networks
2009-10-28 17:27 . 2009-09-07 04:21 -------- d-----w- c:\program files\Turbine
2009-10-27 07:06 . 2007-04-01 01:23 -------- d-----w- c:\program files\Oberon Media
2009-10-27 06:12 . 2009-07-08 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-10-18 02:04 . 2007-12-11 05:23 -------- d-----w- c:\program files\DivX
2009-10-18 02:03 . 2009-09-17 11:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-21 03:39 . 2007-05-15 01:57 -------- d--h--w- c:\documents and settings\Owner\Application Data\Move Networks
2009-09-16 07:50 . 2009-09-16 07:50 -------- d-----w- c:\program files\uTorrent
2009-09-15 07:38 . 2009-07-04 20:24 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix GOLD
2009-09-15 07:25 . 2009-09-15 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-09-06 09:36 . 2009-09-06 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-03 19:51 . 2009-09-03 19:48 -------- d-----w- c:\program files\Stealthbot
2009-09-03 04:34 . 2006-06-09 03:22 -------- d-----w- c:\program files\Java
2009-08-23 21:14 . 2007-01-27 00:51 1216 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(3).dll
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(2).dll
2007-04-14 20:00 . 2007-04-14 20:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(3).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(3).dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\busekuja.dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\hagebuzi.dll
2009-08-01 01:30 . 2009-08-01 01:30 89600 --sha-w- c:\windows\system32\luzigemu.dll
2009-07-31 13:31 . 2009-07-31 13:31 90112 --sha-w- c:\windows\system32\pilabuma.dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\vefiniwi(2).dll
2009-07-31 00:40 . 2009-07-31 00:40 52224 --sha-w- c:\windows\system32\vefiniwi(3).dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8928606-cc60-4d32-af80-d7846c75f9cb}]
2009-07-31 00:40 52224 --sha-w- c:\windows\system32\busekuja.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Power2GoExpress"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-26 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2009-7-3 942592]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Backyard Hockey 2005 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Backyard Hockey 2005 Registration.lnk
backup=c:\windows\pss\Backyard Hockey 2005 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3528:TCP"= 3528:TCP:Akamai NetSession Interface
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"4042:TCP"= 4042:TCP:Akamai NetSession Interface
"2977:TCP"= 2977:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"2275:TCP"= 2275:TCP:Akamai NetSession Interface
"3467:TCP"= 3467:TCP:Akamai NetSession Interface
"4001:TCP"= 4001:TCP:Akamai NetSession Interface
"4325:TCP"= 4325:TCP:Akamai NetSession Interface
"4927:TCP"= 4927:TCP:Akamai NetSession Interface
"4942:TCP"= 4942:TCP:Akamai NetSession Interface
"1310:TCP"= 1310:TCP:Akamai NetSession Interface
"4935:TCP"= 4935:TCP:Akamai NetSession Interface
"4353:TCP"= 4353:TCP:Akamai NetSession Interface
"2511:TCP"= 2511:TCP:Akamai NetSession Interface
"2529:TCP"= 2529:TCP:Akamai NetSession Interface
"2515:TCP"= 2515:TCP:Akamai NetSession Interface
"1973:TCP"= 1973:TCP:Akamai NetSession Interface
"3514:TCP"= 3514:TCP:Akamai NetSession Interface
"3412:TCP"= 3412:TCP:Akamai NetSession Interface
"1939:TCP"= 1939:TCP:Akamai NetSession Interface
"1281:TCP"= 1281:TCP:Akamai NetSession Interface
"4343:TCP"= 4343:TCP:Akamai NetSession Interface
"3005:TCP"= 3005:TCP:Akamai NetSession Interface
"3268:TCP"= 3268:TCP:Akamai NetSession Interface
"4930:TCP"= 4930:TCP:Akamai NetSession Interface
"4829:TCP"= 4829:TCP:Akamai NetSession Interface
"1156:TCP"= 1156:TCP:Akamai NetSession Interface
"1949:TCP"= 1949:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"2427:TCP"= 2427:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"1286:TCP"= 1286:TCP:Akamai NetSession Interface
"1300:TCP"= 1300:TCP:Akamai NetSession Interface
"1322:TCP"= 1322:TCP:Akamai NetSession Interface
"2976:TCP"= 2976:TCP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2210:TCP"= 2210:TCP:Akamai NetSession Interface
"2308:TCP"= 2308:TCP:Akamai NetSession Interface
"2350:TCP"= 2350:TCP:Akamai NetSession Interface
"2395:TCP"= 2395:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"2127:TCP"= 2127:TCP:Akamai NetSession Interface
"2823:TCP"= 2823:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"2018:TCP"= 2018:TCP:Akamai NetSession Interface
"4462:TCP"= 4462:TCP:Akamai NetSession Interface
"1222:TCP"= 1222:TCP:Akamai NetSession Interface
"1438:TCP"= 1438:TCP:Akamai NetSession Interface
"3403:TCP"= 3403:TCP:Akamai NetSession Interface
"3606:TCP"= 3606:TCP:Akamai NetSession Interface
"2491:TCP"= 2491:TCP:Akamai NetSession Interface
"4412:TCP"= 4412:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"2741:TCP"= 2741:TCP:Akamai NetSession Interface
"3285:TCP"= 3285:TCP:Akamai NetSession Interface
"2319:TCP"= 2319:TCP:Akamai NetSession Interface
"3615:TCP"= 3615:TCP:Akamai NetSession Interface
"1472:TCP"= 1472:TCP:Akamai NetSession Interface
"4322:TCP"= 4322:TCP:Akamai NetSession Interface
"4526:TCP"= 4526:TCP:Akamai NetSession Interface
"4490:TCP"= 4490:TCP:Akamai NetSession Interface
"4122:TCP"= 4122:TCP:Akamai NetSession Interface
"1298:TCP"= 1298:TCP:Akamai NetSession Interface
"4898:TCP"= 4898:TCP:Akamai NetSession Interface
"4916:TCP"= 4916:TCP:Akamai NetSession Interface
"4945:TCP"= 4945:TCP:Akamai NetSession Interface
"4976:TCP"= 4976:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1150:TCP"= 1150:TCP:Akamai NetSession Interface
"1190:TCP"= 1190:TCP:Akamai NetSession Interface
"1227:TCP"= 1227:TCP:Akamai NetSession Interface
"1237:TCP"= 1237:TCP:Akamai NetSession Interface
"1272:TCP"= 1272:TCP:Akamai NetSession Interface
"1283:TCP"= 1283:TCP:Akamai NetSession Interface
"1335:TCP"= 1335:TCP:Akamai NetSession Interface
"1344:TCP"= 1344:TCP:Akamai NetSession Interface
"1384:TCP"= 1384:TCP:Akamai NetSession Interface
"1392:TCP"= 1392:TCP:Akamai NetSession Interface
"1427:TCP"= 1427:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1225:TCP"= 1225:TCP:Akamai NetSession Interface
"1572:TCP"= 1572:TCP:Akamai NetSession Interface
"3502:TCP"= 3502:TCP:Akamai NetSession Interface
"3626:TCP"= 3626:TCP:Akamai NetSession Interface
"2243:TCP"= 2243:TCP:Akamai NetSession Interface
"3046:TCP"= 3046:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"4406:TCP"= 4406:TCP:Akamai NetSession Interface
"1863:TCP"= 1863:TCP:Akamai NetSession Interface
"4689:TCP"= 4689:TCP:Akamai NetSession Interface
"2656:TCP"= 2656:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3546:TCP"= 3546:TCP:Akamai NetSession Interface
"1744:TCP"= 1744:TCP:Akamai NetSession Interface
"1765:TCP"= 1765:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1161:TCP"= 1161:TCP:Akamai NetSession Interface
"1628:TCP"= 1628:TCP:Akamai NetSession Interface
"2224:TCP"= 2224:TCP:Akamai NetSession Interface
"2294:TCP"= 2294:TCP:Akamai NetSession Interface
"2242:TCP"= 2242:TCP:Akamai NetSession Interface
"3185:TCP"= 3185:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"1301:TCP"= 1301:TCP:Akamai NetSession Interface
"3621:TCP"= 3621:TCP:Akamai NetSession Interface
"4842:TCP"= 4842:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"2761:TCP"= 2761:TCP:Akamai NetSession Interface
"2093:TCP"= 2093:TCP:Akamai NetSession Interface
"4295:TCP"= 4295:TCP:Akamai NetSession Interface
"4346:TCP"= 4346:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1644:TCP"= 1644:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"4217:TCP"= 4217:TCP:Akamai NetSession Interface
"4246:TCP"= 4246:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"4359:TCP"= 4359:TCP:Akamai NetSession Interface
"1469:TCP"= 1469:TCP:Akamai NetSession Interface
"1477:TCP"= 1477:TCP:Akamai NetSession Interface
"1142:TCP"= 1142:TCP:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:Akamai NetSession Interface
"3747:TCP"= 3747:TCP:Akamai NetSession Interface
"4190:TCP"= 4190:TCP:Akamai NetSession Interface
"3967:TCP"= 3967:TCP:Akamai NetSession Interface
"2007:TCP"= 2007:TCP:Akamai NetSession Interface
"1239:TCP"= 1239:TCP:Akamai NetSession Interface
"4685:TCP"= 4685:TCP:Akamai NetSession Interface
"3087:TCP"= 3087:TCP:Akamai NetSession Interface
"3106:TCP"= 3106:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1433:TCP"= 1433:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1462:TCP"= 1462:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1209:TCP"= 1209:TCP:Akamai NetSession Interface
"1507:TCP"= 1507:TCP:Akamai NetSession Interface
"1556:TCP"= 1556:TCP:Akamai NetSession Interface
"1591:TCP"= 1591:TCP:Akamai NetSession Interface
"1604:TCP"= 1604:TCP:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"1199:TCP"= 1199:TCP:Akamai NetSession Interface
"3173:TCP"= 3173:TCP:Akamai NetSession Interface
"3206:TCP"= 3206:TCP:Akamai NetSession Interface
"2886:TCP"= 2886:TCP:Akamai NetSession Interface
"2951:TCP"= 2951:TCP:Akamai NetSession Interface
"3020:TCP"= 3020:TCP:Akamai NetSession Interface
"3056:TCP"= 3056:TCP:Akamai NetSession Interface
"3085:TCP"= 3085:TCP:Akamai NetSession Interface
"3119:TCP"= 3119:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"1105:TCP"= 1105:TCP:Akamai NetSession Interface
"1170:TCP"= 1170:TCP:Akamai NetSession Interface
"1210:TCP"= 1210:TCP:Akamai NetSession Interface
"1218:TCP"= 1218:TCP:Akamai NetSession Interface
"1279:TCP"= 1279:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1143:TCP"= 1143:TCP:Akamai NetSession Interface
"1215:TCP"= 1215:TCP:Akamai NetSession Interface
"1311:TCP"= 1311:TCP:Akamai NetSession Interface
"1356:TCP"= 1356:TCP:Akamai NetSession Interface
"1398:TCP"= 1398:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"4957:TCP"= 4957:TCP:Akamai NetSession Interface
"3954:TCP"= 3954:TCP:Akamai NetSession Interface
"3804:TCP"= 3804:TCP:Akamai NetSession Interface
"1953:TCP"= 1953:TCP:Akamai NetSession Interface
"2587:TCP"= 2587:TCP:Akamai NetSession Interface
"2632:TCP"= 2632:TCP:Akamai NetSession Interface
"4966:TCP"= 4966:TCP:Akamai NetSession Interface
"4994:TCP"= 4994:TCP:Akamai NetSession Interface
"1090:TCP"= 1090:TCP:Akamai NetSession Interface
"1183:TCP"= 1183:TCP:Akamai NetSession Interface
"3922:TCP"= 3922:TCP:Akamai NetSession Interface
"4040:TCP"= 4040:TCP:Akamai NetSession Interface
"4728:TCP"= 4728:TCP:Akamai NetSession Interface
"1803:TCP"= 1803:TCP:Akamai NetSession Interface
"4749:TCP"= 4749:TCP:Akamai NetSession Interface
"4780:TCP"= 4780:TCP:Akamai NetSession Interface
"4857:TCP"= 4857:TCP:Akamai NetSession Interface
"4917:TCP"= 4917:TCP:Akamai NetSession Interface
"3562:TCP"= 3562:TCP:Akamai NetSession Interface
"1590:TCP"= 1590:TCP:Akamai NetSession Interface
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"1026:TCP"= 1026:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"3951:TCP"= 3951:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2095:TCP"= 2095:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"4393:TCP"= 4393:TCP:Akamai NetSession Interface
"4407:TCP"= 4407:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"4448:TCP"= 4448:TCP:Akamai NetSession Interface
"4498:TCP"= 4498:TCP:Akamai NetSession Interface
"4511:TCP"= 4511:TCP:Akamai NetSession Interface
"4523:TCP"= 4523:TCP:Akamai NetSession Interface
"2388:TCP"= 2388:TCP:Akamai NetSession Interface
"1259:TCP"= 1259:TCP:Akamai NetSession Interface
"2177:TCP"= 2177:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"4820:TCP"= 4820:TCP:Akamai NetSession Interface
"4841:TCP"= 4841:TCP:Akamai NetSession Interface
"2560:TCP"= 2560:TCP:Akamai NetSession Interface
"3460:TCP"= 3460:TCP:Akamai NetSession Interface
"4231:TCP"= 4231:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"2826:TCP"= 2826:TCP:Akamai NetSession Interface
"2437:TCP"= 2437:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1909:TCP"= 1909:TCP:Akamai NetSession Interface
"3058:TCP"= 3058:TCP:Akamai NetSession Interface
"3435:TCP"= 3435:TCP:Akamai NetSession Interface
"4348:TCP"= 4348:TCP:Akamai NetSession Interface
"2801:TCP"= 2801:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 11:12 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 7:16 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/24/2007 8:31 AM 24652]
S1 srfzlrkp;srfzlrkp;c:\windows\system32\drivers\srfzlrkp.sys [10/31/2009 3:55 PM 30784]
S2 gupdate1c9b7eebc5c3ed2;Google Update Service (gupdate1c9b7eebc5c3ed2);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2009 9:07 PM 133104]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [9/15/2009 2:25 AM 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [9/15/2009 2:25 AM 218608]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [8/20/2008 1:36 PM 142976]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - GTNDIS5
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: warriornation.net\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ac3z4fhj.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(2).dll
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(3).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(2).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(2).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(2).dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(3).dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-fumegaliv - c:\windows\system32\kijudawi.dll
HKLM-Run-Easy Dock - (no file)
HKLM-Run-turuzefobe - vefiniwi.dll
SharedTaskScheduler-{052bdd7b-7c0a-4ccf-b3c1-227c145b6c75} - c:\windows\system32\kijudawi.dll
SSODL-SysNet-{E830DB69-2B91-4203-9028-99E702C0160A} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll
SSODL-kehejahat-{052bdd7b-7c0a-4ccf-b3c1-227c145b6c75} - c:\windows\system32\kijudawi.dll
AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe
AddRemove-StealthBot v2.6 Revision 3 - c:\program files\StealthBot\uninst.exe
AddRemove-Viewpoint Toolbar - c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0\Uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-01 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\busekuja.dll
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2009-11-02 23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 04:14

Pre-Run: 20,510,547,968 bytes free
Post-Run: 20,211,212,288 bytes free

- - End Of File - - 8407E81C91589A4288CCD4CEE69920A2


:Edit: Personal Guard 2009 & the false Windows Security Alert are not showing up as of right now, but now I have multiple pop-ups occurring. Not sure if this is just part of the Malware still on the system, just relaying the info.

Bashcc73
Novice

Posts : 16
Joined : 2009-10-31
Gender : Male
OS : XP

Re: Personal Guard 2009 really making me mad

Post by Belahzur on Mon Nov 02, 2009 9:40 am

Hello.
There is still an infection left to clear out.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\drivers\srfzlrkp.sys
    c:\windows\system32\winsc.exe
    c:\windows\spoov.exe
    c:\windows\certsystem.exe
    c:\windows\regred.exe
    c:\windows\usexplorer.exe
    c:\windows\securits.com
    c:\windows\system32\busekuja.dll
    c:\windows\system32\hagebuzi.dll
    c:\windows\system32\luzigemu.dll
    c:\windows\system32\pilabuma.dll
    c:\windows\system32\vefiniwi(2).dll
    c:\windows\system32\vefiniwi(3).dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8928606-cc60-4d32-af80-d7846c75f9cb}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-

    Driver::
    srfzlrkp
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

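A worked example added here, not from this thread, from ComboFix or from its author: a Python triage pass over the kind of "Reg Loading Points" and Security Center lines in the logs above that flags autorun entries ComboFix tags [BU] or that load an eight-letter random-looking DLL (the wamonewe/vefiniwi pattern in this thread), flags Security Center override and DisableMonitoring values, and drafts the File:: and Registry:: sections in the CFScript layout Belahzur uses. The sample log is constructed from entries in this thread; the heuristics, the reading of the [BU] marker, and the names Finding, analyse and draft_cfscript are my own assumptions, and the draft is something for a helper to review, not to run blindly.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the "Reg Loading Points" block and the
# Security Center keys in this thread's ComboFix logs (not a real capture).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"fumegaliv"="c:\windows\system32\wamonewe.dll" [BU]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-26 90112]
"turuzefobe"="vefiniwi.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="value" [tag]  |  "name"="file" - resolved path [tag]  |  "name"=dword:xxxxxxxx
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"='
    r'(?:"(?P<value>[^"]*)"|(?P<raw>\S+))'
    r'(?:\s+-\s+(?P<resolved>.+?))?'
    r'(?:\s+\[(?P<tag>[^\]]*)\])?$'
)
# Eight lowercase letters + .dll: the naming pattern of the rogue DLLs in this thread
# (wamonewe, vefiniwi, kijudawi, busekuja). A heuristic, so findings need human review.
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')

SECURITY_CENTER = r'hkey_local_machine\software\microsoft\security center'
# XP Security Center values that silence its "no antivirus/firewall/updates" warnings.
OVERRIDE_VALUES = {'antivirusoverride', 'firewalloverride', 'updatesoverride'}


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    target: str   # path, bare file name or dword exactly as written in the log
    reason: str


def parse_log(text):
    """Return (key, name, target, resolved, tag) tuples for every value line."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            target = m.group('value') if m.group('value') is not None else m.group('raw')
            entries.append((key, m.group('name'), target, m.group('resolved'), m.group('tag')))
    return entries


def _dword_set(raw):
    """True for a non-zero REG_DWORD in REGEDIT4 notation (dword:00000001)."""
    return raw.lower().startswith('dword:') and int(raw[6:], 16) != 0


def analyse(text):
    """Flag suspicious autorun entries and Security Center tampering."""
    findings = []
    for key, name, target, resolved, tag in parse_log(text):
        if key.lower().startswith(SECURITY_CENTER):
            if name.lower() in OVERRIDE_VALUES and _dword_set(target):
                findings.append(Finding(key, name, target, 'security center override set'))
            elif name.lower() == 'disablemonitoring' and _dword_set(target):
                findings.append(Finding(key, name, target, 'security center monitoring disabled'))
            continue
        reasons = []
        if tag == 'BU':   # the marker on the entries the helper had deleted in this thread
            reasons.append('file not verified by ComboFix ([BU])')
        basename = (resolved or target).replace('\\', '/').rsplit('/', 1)[-1].lower()
        if RANDOM_DLL_RE.match(basename):
            reasons.append('random-looking eight-letter DLL name')
        if reasons:
            findings.append(Finding(key, name, resolved or target, '; '.join(reasons)))
    return findings


def draft_cfscript(findings):
    """Draft File:: and Registry:: sections in the CFScript layout used in this thread."""
    # Only entries with a full path go to File::; bare names are left for the reviewer.
    files = sorted({f.target for f in findings if '\\' in f.target})
    overrides = [f for f in findings if f.reason == 'security center override set']
    lines = []
    if files:
        lines += ['File::', *files, '']
    if overrides:
        lines.append('Registry::')
        for f in overrides:
            lines += [f'[{f.key}]', f'"{f.name}"=-']   # "=-" deletes the value, as in the thread
    return '\n'.join(lines)


if __name__ == '__main__':
    for f in analyse(SAMPLE_LOG):
        print(f'{f.name:<20} {f.target:<40} {f.reason}')
    print()
    print(draft_cfscript(analyse(SAMPLE_LOG)))
```

Entries tagged [X] (file missing, like the Power2GoExpress leftover) are deliberately not flagged, and a flagged DLL with no path in the log is reported but never written to File::.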
Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Mon Nov 02, 2009 4:17 pm

ComboFix 09-11-01.04 - Owner 11/02/2009 10:45.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.520 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\My Pictures\Family\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\My Pictures\Family\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\certsystem.exe"
"c:\windows\regred.exe"
"c:\windows\securits.com"
"c:\windows\spoov.exe"
"c:\windows\system32\busekuja.dll"
"c:\windows\system32\drivers\srfzlrkp.sys"
"c:\windows\system32\hagebuzi.dll"
"c:\windows\system32\luzigemu.dll"
"c:\windows\system32\pilabuma.dll"
"c:\windows\system32\vefiniwi(2).dll"
"c:\windows\system32\vefiniwi(3).dll"
"c:\windows\system32\winsc.exe"
"c:\windows\usexplorer.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\certsystem.exe
c:\windows\regred.exe
c:\windows\securits.com
c:\windows\spoov.exe
c:\windows\system32\busekuja.dll
c:\windows\system32\drivers\srfzlrkp.sys
c:\windows\system32\hagebuzi.dll
c:\windows\system32\luzigemu.dll
c:\windows\system32\pilabuma.dll
c:\windows\system32\sivaforu.dll
c:\windows\system32\vefiniwi(2).dll
c:\windows\system32\vefiniwi(3).dll
c:\windows\system32\winsc.exe
c:\windows\usexplorer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srfzlrkp


((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 07:22 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 07:22 . 2009-11-02 07:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 07:22 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 03:37 . 2009-11-02 03:40 -------- d-----w- C:\Combo-Fix
2009-11-01 00:16 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 00:16 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 00:16 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 00:16 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\program files\Avira
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-31 20:56 . 2009-10-31 20:56 262144 ----a-w- C:\ntuser.dat
2009-10-31 19:34 . 2009-10-31 19:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-31 19:30 . 2009-10-31 19:30 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-31 19:26 . 2009-10-31 19:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-31 19:21 . 2009-10-31 19:22 -------- dc-h--w- c:\windows\ie8
2009-10-31 18:20 . 2009-10-31 18:20 -------- d-----w- c:\program files\Trend Micro
2009-10-31 03:27 . 2009-10-31 03:27 64 ----a-w- c:\windows\tsiwinfile.dat
2009-10-31 03:26 . 2009-10-31 03:26 737280 ----a-w- c:\windows\iun6002.exe
2009-10-31 03:26 . 2009-10-31 15:37 -------- d-----w- c:\program files\DefenderPro AntiSpy
2009-10-31 02:22 . 2009-10-31 02:22 -------- d-----w- C:\_OTM
2009-10-31 02:15 . 2009-10-31 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-31 02:14 . 2009-10-31 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 15:00 . 2009-10-30 15:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-10-30 02:46 . 2009-10-30 20:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2009-10-27 06:11 . 2009-10-27 07:04 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-10-27 01:38 . 2009-10-27 01:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-25 23:54 . 2009-10-27 01:38 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 16:00 . 2008-07-16 08:56 -------- d-----w- c:\program files\Common Files\Akamai
2009-11-01 17:13 . 2007-09-12 07:19 -------- d-----w- c:\program files\Diablo II
2009-10-31 20:56 . 2007-01-26 18:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-10-31 19:30 . 2007-01-27 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-31 17:58 . 2009-09-16 07:50 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-10-31 15:36 . 2009-02-13 18:04 -------- d-----w- c:\program files\QuickTime
2009-10-31 15:36 . 2007-05-03 00:42 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-10-31 15:36 . 2008-07-14 03:31 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2009-10-31 15:36 . 2009-02-12 16:08 -------- d-----w- c:\program files\Xfire
2009-10-31 15:36 . 2008-01-26 20:09 -------- d-----w- c:\program files\World of Warcraft
2009-10-31 15:36 . 2006-06-09 03:24 -------- d-----w- c:\program files\AvRack
2009-10-31 15:36 . 2008-03-04 13:17 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
2009-10-31 15:36 . 2006-06-09 03:26 -------- d-----w- c:\program files\MSN Encarta Plus
2009-10-31 15:33 . 2006-06-09 03:28 -------- d-----w- c:\program files\Viewpoint
2009-10-31 06:42 . 2006-06-09 03:17 -------- d-----w- c:\program files\Google
2009-10-31 03:31 . 2007-01-31 07:57 -------- d-----w- c:\program files\Defender Pro
2009-10-31 03:03 . 2007-04-01 01:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-31 01:28 . 2009-09-07 01:01 -------- d-----w- c:\program files\Pando Networks
2009-10-28 17:27 . 2009-09-07 04:21 -------- d-----w- c:\program files\Turbine
2009-10-27 07:06 . 2007-04-01 01:23 -------- d-----w- c:\program files\Oberon Media
2009-10-27 06:12 . 2009-07-08 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-10-18 02:04 . 2007-12-11 05:23 -------- d-----w- c:\program files\DivX
2009-10-18 02:03 . 2009-09-17 11:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-21 03:39 . 2007-05-15 01:57 -------- d--h--w- c:\documents and settings\Owner\Application Data\Move Networks
2009-09-16 07:50 . 2009-09-16 07:50 -------- d-----w- c:\program files\uTorrent
2009-09-15 07:38 . 2009-07-04 20:24 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix GOLD
2009-09-15 07:25 . 2009-09-15 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-09-06 09:36 . 2009-09-06 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-03 19:51 . 2009-09-03 19:48 -------- d-----w- c:\program files\Stealthbot
2009-08-23 21:14 . 2007-01-27 00:51 1216 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(3).dll
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(2).dll
2007-04-14 20:00 . 2007-04-14 20:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(3).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(3).dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-02 15:59 . 2009-11-02 15:59 16384 c:\windows\temp\Perflib_Perfdata_7c8.dat
+ 2004-08-26 16:12 . 2009-11-02 14:24 64518 c:\windows\system32\perfc009.dat
- 2004-08-26 16:12 . 2009-11-02 03:32 64518 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2009-11-02 14:24 409122 c:\windows\system32\perfh009.dat
- 2004-08-26 16:12 . 2009-11-02 03:32 409122 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Power2GoExpress"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"fumegaliv"="c:\windows\system32\wamonewe.dll" [BU]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-26 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
"turuzefobe"="vefiniwi.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2009-7-3 942592]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Backyard Hockey 2005 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Backyard Hockey 2005 Registration.lnk
backup=c:\windows\pss\Backyard Hockey 2005 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1143:TCP"= 1143:TCP:Akamai NetSession Interface
"1215:TCP"= 1215:TCP:Akamai NetSession Interface
"1311:TCP"= 1311:TCP:Akamai NetSession Interface
"1356:TCP"= 1356:TCP:Akamai NetSession Interface
"1398:TCP"= 1398:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"4957:TCP"= 4957:TCP:Akamai NetSession Interface
"3954:TCP"= 3954:TCP:Akamai NetSession Interface
"3804:TCP"= 3804:TCP:Akamai NetSession Interface
"1953:TCP"= 1953:TCP:Akamai NetSession Interface
"2587:TCP"= 2587:TCP:Akamai NetSession Interface
"2632:TCP"= 2632:TCP:Akamai NetSession Interface
"4966:TCP"= 4966:TCP:Akamai NetSession Interface
"4994:TCP"= 4994:TCP:Akamai NetSession Interface
"1090:TCP"= 1090:TCP:Akamai NetSession Interface
"1183:TCP"= 1183:TCP:Akamai NetSession Interface
"3922:TCP"= 3922:TCP:Akamai NetSession Interface
"4040:TCP"= 4040:TCP:Akamai NetSession Interface
"4728:TCP"= 4728:TCP:Akamai NetSession Interface
"1803:TCP"= 1803:TCP:Akamai NetSession Interface
"4749:TCP"= 4749:TCP:Akamai NetSession Interface
"4780:TCP"= 4780:TCP:Akamai NetSession Interface
"4857:TCP"= 4857:TCP:Akamai NetSession Interface
"4917:TCP"= 4917:TCP:Akamai NetSession Interface
"3562:TCP"= 3562:TCP:Akamai NetSession Interface
"1590:TCP"= 1590:TCP:Akamai NetSession Interface
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"1026:TCP"= 1026:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"3951:TCP"= 3951:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2095:TCP"= 2095:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"4393:TCP"= 4393:TCP:Akamai NetSession Interface
"4407:TCP"= 4407:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"4448:TCP"= 4448:TCP:Akamai NetSession Interface
"4498:TCP"= 4498:TCP:Akamai NetSession Interface
"4511:TCP"= 4511:TCP:Akamai NetSession Interface
"4523:TCP"= 4523:TCP:Akamai NetSession Interface
"2388:TCP"= 2388:TCP:Akamai NetSession Interface
"1259:TCP"= 1259:TCP:Akamai NetSession Interface
"2177:TCP"= 2177:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"4820:TCP"= 4820:TCP:Akamai NetSession Interface
"4841:TCP"= 4841:TCP:Akamai NetSession Interface
"2560:TCP"= 2560:TCP:Akamai NetSession Interface
"3460:TCP"= 3460:TCP:Akamai NetSession Interface
"4231:TCP"= 4231:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"2826:TCP"= 2826:TCP:Akamai NetSession Interface
"2437:TCP"= 2437:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1909:TCP"= 1909:TCP:Akamai NetSession Interface
"3058:TCP"= 3058:TCP:Akamai NetSession Interface
"3435:TCP"= 3435:TCP:Akamai NetSession Interface
"4348:TCP"= 4348:TCP:Akamai NetSession Interface
"2801:TCP"= 2801:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface
"1087:TCP"= 1087:TCP:Akamai NetSession Interface
"1611:TCP"= 1611:TCP:Akamai NetSession Interface
"1722:TCP"= 1722:TCP:Akamai NetSession Interface
"2202:TCP"= 2202:TCP:Akamai NetSession Interface
"1574:TCP"= 1574:TCP:Akamai NetSession Interface
"4193:TCP"= 4193:TCP:Akamai NetSession Interface
"2998:TCP"= 2998:TCP:Akamai NetSession Interface
"4129:TCP"= 4129:TCP:Akamai NetSession Interface
"4157:TCP"= 4157:TCP:Akamai NetSession Interface
"4169:TCP"= 4169:TCP:Akamai NetSession Interface
"3391:TCP"= 3391:TCP:Akamai NetSession Interface
"3578:TCP"= 3578:TCP:Akamai NetSession Interface
"4962:TCP"= 4962:TCP:Akamai NetSession Interface
"4668:TCP"= 4668:TCP:Akamai NetSession Interface
"1383:TCP"= 1383:TCP:Akamai NetSession Interface
"1097:TCP"= 1097:TCP:Akamai NetSession Interface
"2379:TCP"= 2379:TCP:Akamai NetSession Interface
"3673:TCP"= 3673:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"2434:TCP"= 2434:TCP:Akamai NetSession Interface
"2674:TCP"= 2674:TCP:Akamai NetSession Interface
"3227:TCP"= 3227:TCP:Akamai NetSession Interface
"3459:TCP"= 3459:TCP:Akamai NetSession Interface
"1892:TCP"= 1892:TCP:Akamai NetSession Interface
"2794:TCP"= 2794:TCP:Akamai NetSession Interface
"1640:TCP"= 1640:TCP:Akamai NetSession Interface
"4458:TCP"= 4458:TCP:Akamai NetSession Interface
"4502:TCP"= 4502:TCP:Akamai NetSession Interface
"2920:TCP"= 2920:TCP:Akamai NetSession Interface
"2943:TCP"= 2943:TCP:Akamai NetSession Interface
"1513:TCP"= 1513:TCP:Akamai NetSession Interface
"3665:TCP"= 3665:TCP:Akamai NetSession Interface
"3848:TCP"= 3848:TCP:Akamai NetSession Interface
"4453:TCP"= 4453:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"1988:TCP"= 1988:TCP:Akamai NetSession Interface
"4111:TCP"= 4111:TCP:Akamai NetSession Interface
"4684:TCP"= 4684:TCP:Akamai NetSession Interface
"1499:TCP"= 1499:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"3322:TCP"= 3322:TCP:Akamai NetSession Interface
"1706:TCP"= 1706:TCP:Akamai NetSession Interface
"2452:TCP"= 2452:TCP:Akamai NetSession Interface
"4565:TCP"= 4565:TCP:Akamai NetSession Interface
"4582:TCP"= 4582:TCP:Akamai NetSession Interface
"1752:TCP"= 1752:TCP:Akamai NetSession Interface
"1913:TCP"= 1913:TCP:Akamai NetSession Interface
"2956:TCP"= 2956:TCP:Akamai NetSession Interface
"2644:TCP"= 2644:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"1166:TCP"= 1166:TCP:Akamai NetSession Interface
"4034:TCP"= 4034:TCP:Akamai NetSession Interface
"2980:TCP"= 2980:TCP:Akamai NetSession Interface
"2257:TCP"= 2257:TCP:Akamai NetSession Interface
"2559:TCP"= 2559:TCP:Akamai NetSession Interface
"3867:TCP"= 3867:TCP:Akamai NetSession Interface
"4788:TCP"= 4788:TCP:Akamai NetSession Interface
"1586:TCP"= 1586:TCP:Akamai NetSession Interface
"3448:TCP"= 3448:TCP:Akamai NetSession Interface
"2751:TCP"= 2751:TCP:Akamai NetSession Interface
"4899:TCP"= 4899:TCP:Akamai NetSession Interface
"3105:TCP"= 3105:TCP:Akamai NetSession Interface
"3652:TCP"= 3652:TCP:Akamai NetSession Interface
"1474:TCP"= 1474:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"1086:TCP"= 1086:TCP:Akamai NetSession Interface
"1164:TCP"= 1164:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface

S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [8/20/2008 1:36 PM 142976]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: warriornation.net\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ac3z4fhj.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(2).dll
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(3).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(2).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(2).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(2).dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(3).dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{661d262f-5eb7-4da8-a5d3-6e0069a92d4f} - c:\windows\system32\wamonewe.dll
SSODL-zarifuvop-{661d262f-5eb7-4da8-a5d3-6e0069a92d4f} - c:\windows\system32\wamonewe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-02 11:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-02 11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 16:14
ComboFix2.txt 2009-11-02 04:15

Pre-Run: 20,212,641,792 bytes free
Post-Run: 20,142,649,344 bytes free

- - End Of File - - 7149C5FC9DA3B572074F84E51ED1FBAB

Bashcc73
Novice

Posts : 16
Joined : 2009-10-31
Gender : Male
OS : XP

Re: Personal Guard 2009 really making me mad

Post by Belahzur on Mon Nov 02, 2009 4:31 pm

Okay, let's try MBAM now.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
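As an added illustration of what a helper looks for once that MBAM log is posted (example code written for this page, not from the forum and not Malwarebytes' own tooling): a small parser for the MBAM 1.41 text-log layout used in this thread that cross-checks the listed entries against the summary counts, groups detections by threat family, and flags entries in autostart locations or still waiting on a reboot. The embedded sample log is constructed, and the autostart location list is my own selection.

```python
"""Triage helper for the plain-text logs written by Malwarebytes' Anti-Malware 1.41:
checks the listed entries against the summary counts (an incomplete paste is the
usual cause of a mismatch), groups detections by family, and flags persistence."""
import re
from collections import Counter

# One detection line: <item> (<family>) -> <action>.  The item group is greedy
# so that paths containing " (" such as Program Files (x86) still parse.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Registry and file locations Windows consults at boot or logon (my selection);
# a detection here means the malware was arranged to come back after a restart.
AUTOSTART_MARKERS = (
    r"\CurrentVersion\Run",
    r"\ShellServiceObjectDelayLoad",
    r"\SharedTaskScheduler",
    r"\windows\tasks",
)

def parse_mbam_log(text):
    """Return (summary counts claimed by the log, list of detection dicts)."""
    summary, entries, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            continue
        # Skip the header block and "(No malicious items detected)" markers.
        if current is None or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": current, **m.groupdict()})
    return summary, entries

def check_counts(summary, entries):
    """Map each section to (claimed, listed); a mismatch means an incomplete paste."""
    seen = Counter(e["section"] for e in entries)
    return {sec: (claimed, seen.get(sec, 0)) for sec, claimed in summary.items()}

def families(entries):
    """Detections per threat family (Trojan.Vundo, Adware.VideoEgg, ...)."""
    return Counter(e["family"] for e in entries)

def autostart_entries(entries):
    """Detections that sat in boot/logon persistence locations."""
    return [e for e in entries
            if any(mk.lower() in e["item"].lower() for mk in AUTOSTART_MARKERS)]

def pending_reboot(entries):
    """Detections MBAM could only schedule for removal at the next restart."""
    return [e for e in entries if "reboot" in e["action"].lower()]

def triage(text):
    summary, entries = parse_mbam_log(text)
    return {
        "counts": check_counts(summary, entries),
        "families": dict(families(entries)),
        "autostart": [e["item"] for e in autostart_entries(entries)],
        "pending_reboot": [e["item"] for e in pending_reboot(entries)],
    }

# Constructed sample in the MBAM 1.41 layout (not a real scan result); the
# "Files Infected" summary deliberately claims one more entry than is listed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fumegaliv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\turuzefobe (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wamonewe.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\Webtools\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```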

Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Mon Nov 02, 2009 4:44 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3086
Windows 5.1.2600 Service Pack 3

11/2/2009 11:43:36 AM
mbam-log-2009-11-02 (11-43-36).txt

Scan type: Quick Scan
Objects scanned: 117975
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 39
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 154

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fumegaliv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\turuzefobe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.


Re: Personal Guard 2009 really making me mad

Post by Belahzur on Mon Nov 02, 2009 4:58 pm

Okay, one more round; the Vundo snuck back in.


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fumegaliv"=-
    "turuzefobe"=-

    Firefox::
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ac3z4fhj.default\
    FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - plugin: c:\documents and settings\Owner\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
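Before dragging a script like the one above onto ComboFix it helps to know exactly what it will do. The parser below is an added example, not ComboFix's own code: it reads the CFScript from the post and lists the actions it encodes (`KILLALL::`, the two Run values removed via the REGEDIT4 `"name"=-` deletion syntax, and the Firefox pref and plugin lines); the section semantics and the `describe` wording are assumptions.

```python
"""Parse a ComboFix CFScript into the list of actions it encodes.

Added example, not ComboFix's own code. Assumed semantics, as used in the
script posted above: KILLALL:: makes ComboFix end running processes first;
Registry:: is REGEDIT4-style text ("name"=- deletes a value, [-key] a key);
Firefox:: holds prefs.js/plugin lines, copied from a ComboFix log, to reset.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the CFScript from the post (the forum masked the URL).
SAMPLE_CFSCRIPT = r"""KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fumegaliv"=-
"turuzefobe"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ac3z4fhj.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\documents and settings\Owner\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
FF_LINE_RE = re.compile(r"^FF - ([^:\s]+):? (.*)$")


@dataclass
class Plan:
    kill_all: bool = False
    delete_keys: List[str] = field(default_factory=list)
    delete_values: List[Tuple[str, str]] = field(default_factory=list)  # (key, name)
    firefox_profile: Optional[str] = None
    reset_prefs: List[Tuple[str, str]] = field(default_factory=list)  # (pref, current value)
    remove_plugins: List[str] = field(default_factory=list)
    unknown: List[str] = field(default_factory=list)  # matched nothing: review by hand


def parse_cfscript(text: str) -> Plan:
    plan, section, current_key = Plan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            plan.kill_all = plan.kill_all or section.upper() == "KILLALL"
            continue
        if section == "Registry":
            m = REG_KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                if minus:  # [-key] deletes the whole key
                    plan.delete_keys.append(key)
                current_key = None if minus else key
                continue
            m = REG_VALUE_RE.match(line)
            if m and current_key is not None and m.group(2) == "-":
                plan.delete_values.append((current_key, m.group(1)))
                continue
        elif section == "Firefox":
            m = FF_LINE_RE.match(line)
            if m:
                kind, rest = m.groups()
                if kind == "ProfilePath":
                    plan.firefox_profile = rest[2:] if rest.startswith("- ") else rest
                    continue
                if kind == "prefs.js":  # "pref - current value"
                    pref, _, value = rest.partition(" - ")
                    plan.reset_prefs.append((pref, value))
                    continue
                if kind == "plugin":
                    plan.remove_plugins.append(rest)
                    continue
        plan.unknown.append(line)
    return plan


def describe(plan: Plan) -> List[str]:
    """One line per action, so the user can read the plan before running it."""
    out = ["KILLALL: running processes are ended first"] if plan.kill_all else []
    out += [f"delete registry key {k}" for k in plan.delete_keys]
    out += [f'delete value "{n}" under {k}' for k, n in plan.delete_values]
    if plan.firefox_profile:
        out.append(f"Firefox profile: {plan.firefox_profile}")
    out += [f"reset Firefox pref {p} (currently: {v})" for p, v in plan.reset_prefs]
    out += [f"remove Firefox plugin {path}" for path in plan.remove_plugins]
    out += [f"UNRECOGNISED, check before running: {l}" for l in plan.unknown]
    return out


if __name__ == "__main__":
    print("\n".join(describe(parse_cfscript(SAMPLE_CFSCRIPT))))
```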

Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Mon Nov 02, 2009 5:31 pm

ComboFix 09-11-01.04 - Owner 11/02/2009 12:03.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.554 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\My Pictures\Family\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\My Pictures\Family\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 07:22 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 07:22 . 2009-11-02 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 07:22 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 03:37 . 2009-11-02 03:40 -------- d-----w- C:\Combo-Fix
2009-11-01 00:16 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 00:16 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 00:16 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 00:16 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\program files\Avira
2009-11-01 00:16 . 2009-11-01 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-31 20:56 . 2009-10-31 20:56 262144 ----a-w- C:\ntuser.dat
2009-10-31 19:34 . 2009-10-31 19:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-31 19:30 . 2009-10-31 19:30 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-31 19:28 . 2009-10-31 19:28 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-31 19:26 . 2009-10-31 19:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-31 19:21 . 2009-10-31 19:22 -------- dc-h--w- c:\windows\ie8
2009-10-31 18:20 . 2009-10-31 18:20 -------- d-----w- c:\program files\Trend Micro
2009-10-31 03:27 . 2009-10-31 03:27 64 ----a-w- c:\windows\tsiwinfile.dat
2009-10-31 03:26 . 2009-10-31 03:26 737280 ----a-w- c:\windows\iun6002.exe
2009-10-31 03:26 . 2009-10-31 15:37 -------- d-----w- c:\program files\DefenderPro AntiSpy
2009-10-31 02:22 . 2009-10-31 02:22 -------- d-----w- C:\_OTM
2009-10-31 02:15 . 2009-10-31 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-31 02:14 . 2009-10-31 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 15:00 . 2009-10-30 15:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-10-30 02:46 . 2009-10-30 20:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2009-10-27 06:11 . 2009-10-27 07:04 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-10-27 01:38 . 2009-10-27 01:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-25 23:54 . 2009-10-27 01:38 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 17:17 . 2008-07-16 08:56 -------- d-----w- c:\program files\Common Files\Akamai
2009-11-01 17:13 . 2007-09-12 07:19 -------- d-----w- c:\program files\Diablo II
2009-10-31 20:56 . 2007-01-26 18:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-10-31 19:30 . 2007-01-27 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-31 17:58 . 2009-09-16 07:50 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-10-31 15:36 . 2009-02-13 18:04 -------- d-----w- c:\program files\QuickTime
2009-10-31 15:36 . 2007-05-03 00:42 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-10-31 15:36 . 2008-07-14 03:31 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2009-10-31 15:36 . 2009-02-12 16:08 -------- d-----w- c:\program files\Xfire
2009-10-31 15:36 . 2008-01-26 20:09 -------- d-----w- c:\program files\World of Warcraft
2009-10-31 15:36 . 2006-06-09 03:24 -------- d-----w- c:\program files\AvRack
2009-10-31 15:36 . 2008-03-04 13:17 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
2009-10-31 15:36 . 2006-06-09 03:26 -------- d-----w- c:\program files\MSN Encarta Plus
2009-10-31 15:33 . 2006-06-09 03:28 -------- d-----w- c:\program files\Viewpoint
2009-10-31 06:42 . 2006-06-09 03:17 -------- d-----w- c:\program files\Google
2009-10-31 03:31 . 2007-01-31 07:57 -------- d-----w- c:\program files\Defender Pro
2009-10-31 03:03 . 2007-04-01 01:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-31 01:28 . 2009-09-07 01:01 -------- d-----w- c:\program files\Pando Networks
2009-10-28 17:27 . 2009-09-07 04:21 -------- d-----w- c:\program files\Turbine
2009-10-27 07:06 . 2007-04-01 01:23 -------- d-----w- c:\program files\Oberon Media
2009-10-27 06:12 . 2009-07-08 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-10-18 02:04 . 2007-12-11 05:23 -------- d-----w- c:\program files\DivX
2009-10-18 02:03 . 2009-09-17 11:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-21 03:39 . 2007-05-15 01:57 -------- d--h--w- c:\documents and settings\Owner\Application Data\Move Networks
2009-09-16 07:50 . 2009-09-16 07:50 -------- d-----w- c:\program files\uTorrent
2009-09-15 07:38 . 2009-07-04 20:24 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix GOLD
2009-09-15 07:25 . 2009-09-15 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine
2009-09-07 04:46 . 2009-09-07 04:46 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-09-06 09:36 . 2009-09-06 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-03 19:51 . 2009-09-03 19:48 -------- d-----w- c:\program files\Stealthbot
2009-08-23 21:14 . 2007-01-27 00:51 1216 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(3).dll
2009-08-23 13:13 . 2009-02-14 07:25 11952 ----a-w- c:\windows\system32\avgrsstx(2).dll
2007-04-14 20:00 . 2007-04-14 20:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 23544 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(3).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(2).dll
2009-10-28 08:55 . 2008-09-03 00:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(3).dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-02 17:16 . 2009-11-02 17:16 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
+ 2004-08-26 16:12 . 2009-11-02 16:50 64518 c:\windows\system32\perfc009.dat
- 2004-08-26 16:12 . 2009-11-02 03:32 64518 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2009-11-02 16:50 409122 c:\windows\system32\perfh009.dat
- 2004-08-26 16:12 . 2009-11-02 03:32 409122 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Power2GoExpress"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-26 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2009-7-3 942592]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Backyard Hockey 2005 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Backyard Hockey 2005 Registration.lnk
backup=c:\windows\pss\Backyard Hockey 2005 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3528:TCP"= 3528:TCP:Akamai NetSession Interface
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"4042:TCP"= 4042:TCP:Akamai NetSession Interface
"2977:TCP"= 2977:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"2275:TCP"= 2275:TCP:Akamai NetSession Interface
"3467:TCP"= 3467:TCP:Akamai NetSession Interface
"4001:TCP"= 4001:TCP:Akamai NetSession Interface
"4325:TCP"= 4325:TCP:Akamai NetSession Interface
"4927:TCP"= 4927:TCP:Akamai NetSession Interface
"4942:TCP"= 4942:TCP:Akamai NetSession Interface
"1310:TCP"= 1310:TCP:Akamai NetSession Interface
"4935:TCP"= 4935:TCP:Akamai NetSession Interface
"4353:TCP"= 4353:TCP:Akamai NetSession Interface
"2511:TCP"= 2511:TCP:Akamai NetSession Interface
"2529:TCP"= 2529:TCP:Akamai NetSession Interface
"2515:TCP"= 2515:TCP:Akamai NetSession Interface
"1973:TCP"= 1973:TCP:Akamai NetSession Interface
"3514:TCP"= 3514:TCP:Akamai NetSession Interface
"3412:TCP"= 3412:TCP:Akamai NetSession Interface
"1939:TCP"= 1939:TCP:Akamai NetSession Interface
"1281:TCP"= 1281:TCP:Akamai NetSession Interface
"4343:TCP"= 4343:TCP:Akamai NetSession Interface
"3005:TCP"= 3005:TCP:Akamai NetSession Interface
"3268:TCP"= 3268:TCP:Akamai NetSession Interface
"4930:TCP"= 4930:TCP:Akamai NetSession Interface
"4829:TCP"= 4829:TCP:Akamai NetSession Interface
"1156:TCP"= 1156:TCP:Akamai NetSession Interface
"1949:TCP"= 1949:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"2427:TCP"= 2427:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"1286:TCP"= 1286:TCP:Akamai NetSession Interface
"1300:TCP"= 1300:TCP:Akamai NetSession Interface
"1322:TCP"= 1322:TCP:Akamai NetSession Interface
"2976:TCP"= 2976:TCP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2210:TCP"= 2210:TCP:Akamai NetSession Interface
"2308:TCP"= 2308:TCP:Akamai NetSession Interface
"2350:TCP"= 2350:TCP:Akamai NetSession Interface
"2395:TCP"= 2395:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"2127:TCP"= 2127:TCP:Akamai NetSession Interface
"2823:TCP"= 2823:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"2018:TCP"= 2018:TCP:Akamai NetSession Interface
"4462:TCP"= 4462:TCP:Akamai NetSession Interface
"1222:TCP"= 1222:TCP:Akamai NetSession Interface
"1438:TCP"= 1438:TCP:Akamai NetSession Interface
"3403:TCP"= 3403:TCP:Akamai NetSession Interface
"3606:TCP"= 3606:TCP:Akamai NetSession Interface
"2491:TCP"= 2491:TCP:Akamai NetSession Interface
"4412:TCP"= 4412:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"2741:TCP"= 2741:TCP:Akamai NetSession Interface
"3285:TCP"= 3285:TCP:Akamai NetSession Interface
"2319:TCP"= 2319:TCP:Akamai NetSession Interface
"3615:TCP"= 3615:TCP:Akamai NetSession Interface
"1472:TCP"= 1472:TCP:Akamai NetSession Interface
"4322:TCP"= 4322:TCP:Akamai NetSession Interface
"4526:TCP"= 4526:TCP:Akamai NetSession Interface
"4490:TCP"= 4490:TCP:Akamai NetSession Interface
"4122:TCP"= 4122:TCP:Akamai NetSession Interface
"1298:TCP"= 1298:TCP:Akamai NetSession Interface
"4898:TCP"= 4898:TCP:Akamai NetSession Interface
"4916:TCP"= 4916:TCP:Akamai NetSession Interface
"4945:TCP"= 4945:TCP:Akamai NetSession Interface
"4976:TCP"= 4976:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1150:TCP"= 1150:TCP:Akamai NetSession Interface
"1190:TCP"= 1190:TCP:Akamai NetSession Interface
"1227:TCP"= 1227:TCP:Akamai NetSession Interface
"1237:TCP"= 1237:TCP:Akamai NetSession Interface
"1272:TCP"= 1272:TCP:Akamai NetSession Interface
"1283:TCP"= 1283:TCP:Akamai NetSession Interface
"1335:TCP"= 1335:TCP:Akamai NetSession Interface
"1344:TCP"= 1344:TCP:Akamai NetSession Interface
"1384:TCP"= 1384:TCP:Akamai NetSession Interface
"1392:TCP"= 1392:TCP:Akamai NetSession Interface
"1427:TCP"= 1427:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1225:TCP"= 1225:TCP:Akamai NetSession Interface
"1572:TCP"= 1572:TCP:Akamai NetSession Interface
"3502:TCP"= 3502:TCP:Akamai NetSession Interface
"3626:TCP"= 3626:TCP:Akamai NetSession Interface
"2243:TCP"= 2243:TCP:Akamai NetSession Interface
"3046:TCP"= 3046:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"4406:TCP"= 4406:TCP:Akamai NetSession Interface
"1863:TCP"= 1863:TCP:Akamai NetSession Interface
"4689:TCP"= 4689:TCP:Akamai NetSession Interface
"2656:TCP"= 2656:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3546:TCP"= 3546:TCP:Akamai NetSession Interface
"1744:TCP"= 1744:TCP:Akamai NetSession Interface
"1765:TCP"= 1765:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1161:TCP"= 1161:TCP:Akamai NetSession Interface
"1628:TCP"= 1628:TCP:Akamai NetSession Interface
"2224:TCP"= 2224:TCP:Akamai NetSession Interface
"2294:TCP"= 2294:TCP:Akamai NetSession Interface
"2242:TCP"= 2242:TCP:Akamai NetSession Interface
"3185:TCP"= 3185:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"1301:TCP"= 1301:TCP:Akamai NetSession Interface
"3621:TCP"= 3621:TCP:Akamai NetSession Interface
"4842:TCP"= 4842:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"2761:TCP"= 2761:TCP:Akamai NetSession Interface
"2093:TCP"= 2093:TCP:Akamai NetSession Interface
"4295:TCP"= 4295:TCP:Akamai NetSession Interface
"4346:TCP"= 4346:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1644:TCP"= 1644:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"4217:TCP"= 4217:TCP:Akamai NetSession Interface
"4246:TCP"= 4246:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"4359:TCP"= 4359:TCP:Akamai NetSession Interface
"1469:TCP"= 1469:TCP:Akamai NetSession Interface
"1477:TCP"= 1477:TCP:Akamai NetSession Interface
"1142:TCP"= 1142:TCP:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:Akamai NetSession Interface
"3747:TCP"= 3747:TCP:Akamai NetSession Interface
"4190:TCP"= 4190:TCP:Akamai NetSession Interface
"3967:TCP"= 3967:TCP:Akamai NetSession Interface
"2007:TCP"= 2007:TCP:Akamai NetSession Interface
"1239:TCP"= 1239:TCP:Akamai NetSession Interface
"4685:TCP"= 4685:TCP:Akamai NetSession Interface
"3087:TCP"= 3087:TCP:Akamai NetSession Interface
"3106:TCP"= 3106:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1433:TCP"= 1433:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"1462:TCP"= 1462:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1209:TCP"= 1209:TCP:Akamai NetSession Interface
"1507:TCP"= 1507:TCP:Akamai NetSession Interface
"1556:TCP"= 1556:TCP:Akamai NetSession Interface
"1591:TCP"= 1591:TCP:Akamai NetSession Interface
"1604:TCP"= 1604:TCP:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"1199:TCP"= 1199:TCP:Akamai NetSession Interface
"3173:TCP"= 3173:TCP:Akamai NetSession Interface
"3206:TCP"= 3206:TCP:Akamai NetSession Interface
"2886:TCP"= 2886:TCP:Akamai NetSession Interface
"2951:TCP"= 2951:TCP:Akamai NetSession Interface
"3020:TCP"= 3020:TCP:Akamai NetSession Interface
"3056:TCP"= 3056:TCP:Akamai NetSession Interface
"3085:TCP"= 3085:TCP:Akamai NetSession Interface
"3119:TCP"= 3119:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"1105:TCP"= 1105:TCP:Akamai NetSession Interface
"1170:TCP"= 1170:TCP:Akamai NetSession Interface
"1210:TCP"= 1210:TCP:Akamai NetSession Interface
"1218:TCP"= 1218:TCP:Akamai NetSession Interface
"1279:TCP"= 1279:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1143:TCP"= 1143:TCP:Akamai NetSession Interface
"1215:TCP"= 1215:TCP:Akamai NetSession Interface
"1311:TCP"= 1311:TCP:Akamai NetSession Interface
"1356:TCP"= 1356:TCP:Akamai NetSession Interface
"1398:TCP"= 1398:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"4957:TCP"= 4957:TCP:Akamai NetSession Interface
"3954:TCP"= 3954:TCP:Akamai NetSession Interface
"3804:TCP"= 3804:TCP:Akamai NetSession Interface
"1953:TCP"= 1953:TCP:Akamai NetSession Interface
"2587:TCP"= 2587:TCP:Akamai NetSession Interface
"2632:TCP"= 2632:TCP:Akamai NetSession Interface
"4966:TCP"= 4966:TCP:Akamai NetSession Interface
"4994:TCP"= 4994:TCP:Akamai NetSession Interface
"1090:TCP"= 1090:TCP:Akamai NetSession Interface
"1183:TCP"= 1183:TCP:Akamai NetSession Interface
"3922:TCP"= 3922:TCP:Akamai NetSession Interface
"4040:TCP"= 4040:TCP:Akamai NetSession Interface
"4728:TCP"= 4728:TCP:Akamai NetSession Interface
"1803:TCP"= 1803:TCP:Akamai NetSession Interface
"4749:TCP"= 4749:TCP:Akamai NetSession Interface
"4780:TCP"= 4780:TCP:Akamai NetSession Interface
"4857:TCP"= 4857:TCP:Akamai NetSession Interface
"4917:TCP"= 4917:TCP:Akamai NetSession Interface
"3562:TCP"= 3562:TCP:Akamai NetSession Interface
"1590:TCP"= 1590:TCP:Akamai NetSession Interface
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"3820:TCP"= 3820:TCP:Akamai NetSession Interface
"1026:TCP"= 1026:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"3951:TCP"= 3951:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"2095:TCP"= 2095:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"4393:TCP"= 4393:TCP:Akamai NetSession Interface
"4407:TCP"= 4407:TCP:Akamai NetSession Interface
"4422:TCP"= 4422:TCP:Akamai NetSession Interface
"4448:TCP"= 4448:TCP:Akamai NetSession Interface
"4498:TCP"= 4498:TCP:Akamai NetSession Interface
"4511:TCP"= 4511:TCP:Akamai NetSession Interface
"4523:TCP"= 4523:TCP:Akamai NetSession Interface
"2388:TCP"= 2388:TCP:Akamai NetSession Interface
"1259:TCP"= 1259:TCP:Akamai NetSession Interface
"2177:TCP"= 2177:TCP:Akamai NetSession Interface
"1318:TCP"= 1318:TCP:Akamai NetSession Interface
"4820:TCP"= 4820:TCP:Akamai NetSession Interface
"4841:TCP"= 4841:TCP:Akamai NetSession Interface
"2560:TCP"= 2560:TCP:Akamai NetSession Interface
"3460:TCP"= 3460:TCP:Akamai NetSession Interface
"4231:TCP"= 4231:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"2826:TCP"= 2826:TCP:Akamai NetSession Interface
"2437:TCP"= 2437:TCP:Akamai NetSession Interface
"1702:TCP"= 1702:TCP:Akamai NetSession Interface
"1909:TCP"= 1909:TCP:Akamai NetSession Interface
"3058:TCP"= 3058:TCP:Akamai NetSession Interface
"3435:TCP"= 3435:TCP:Akamai NetSession Interface
"4348:TCP"= 4348:TCP:Akamai NetSession Interface
"2801:TCP"= 2801:TCP:Akamai NetSession Interface
"2923:TCP"= 2923:TCP:Akamai NetSession Interface
"1087:TCP"= 1087:TCP:Akamai NetSession Interface
"1611:TCP"= 1611:TCP:Akamai NetSession Interface
"1722:TCP"= 1722:TCP:Akamai NetSession Interface
"2202:TCP"= 2202:TCP:Akamai NetSession Interface
"1574:TCP"= 1574:TCP:Akamai NetSession Interface
"4193:TCP"= 4193:TCP:Akamai NetSession Interface
"2998:TCP"= 2998:TCP:Akamai NetSession Interface
"4129:TCP"= 4129:TCP:Akamai NetSession Interface
"4157:TCP"= 4157:TCP:Akamai NetSession Interface
"4169:TCP"= 4169:TCP:Akamai NetSession Interface
"3391:TCP"= 3391:TCP:Akamai NetSession Interface
"3578:TCP"= 3578:TCP:Akamai NetSession Interface
"4962:TCP"= 4962:TCP:Akamai NetSession Interface
"4668:TCP"= 4668:TCP:Akamai NetSession Interface
"1383:TCP"= 1383:TCP:Akamai NetSession Interface
"1097:TCP"= 1097:TCP:Akamai NetSession Interface
"2379:TCP"= 2379:TCP:Akamai NetSession Interface
"3673:TCP"= 3673:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"2434:TCP"= 2434:TCP:Akamai NetSession Interface
"2674:TCP"= 2674:TCP:Akamai NetSession Interface
"3227:TCP"= 3227:TCP:Akamai NetSession Interface
"3459:TCP"= 3459:TCP:Akamai NetSession Interface
"1892:TCP"= 1892:TCP:Akamai NetSession Interface
"2794:TCP"= 2794:TCP:Akamai NetSession Interface
"1640:TCP"= 1640:TCP:Akamai NetSession Interface
"4458:TCP"= 4458:TCP:Akamai NetSession Interface
"4502:TCP"= 4502:TCP:Akamai NetSession Interface
"2920:TCP"= 2920:TCP:Akamai NetSession Interface
"2943:TCP"= 2943:TCP:Akamai NetSession Interface
"1513:TCP"= 1513:TCP:Akamai NetSession Interface
"3665:TCP"= 3665:TCP:Akamai NetSession Interface
"3848:TCP"= 3848:TCP:Akamai NetSession Interface
"4453:TCP"= 4453:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"1988:TCP"= 1988:TCP:Akamai NetSession Interface
"4111:TCP"= 4111:TCP:Akamai NetSession Interface
"4684:TCP"= 4684:TCP:Akamai NetSession Interface
"1499:TCP"= 1499:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"3322:TCP"= 3322:TCP:Akamai NetSession Interface
"1706:TCP"= 1706:TCP:Akamai NetSession Interface
"2452:TCP"= 2452:TCP:Akamai NetSession Interface
"4565:TCP"= 4565:TCP:Akamai NetSession Interface
"4582:TCP"= 4582:TCP:Akamai NetSession Interface
"1752:TCP"= 1752:TCP:Akamai NetSession Interface
"1913:TCP"= 1913:TCP:Akamai NetSession Interface
"2956:TCP"= 2956:TCP:Akamai NetSession Interface
"2644:TCP"= 2644:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"1166:TCP"= 1166:TCP:Akamai NetSession Interface
"4034:TCP"= 4034:TCP:Akamai NetSession Interface
"2980:TCP"= 2980:TCP:Akamai NetSession Interface
"2257:TCP"= 2257:TCP:Akamai NetSession Interface
"2559:TCP"= 2559:TCP:Akamai NetSession Interface
"3867:TCP"= 3867:TCP:Akamai NetSession Interface
"4788:TCP"= 4788:TCP:Akamai NetSession Interface
"1586:TCP"= 1586:TCP:Akamai NetSession Interface
"3448:TCP"= 3448:TCP:Akamai NetSession Interface
"2751:TCP"= 2751:TCP:Akamai NetSession Interface
"4899:TCP"= 4899:TCP:Akamai NetSession Interface
"3105:TCP"= 3105:TCP:Akamai NetSession Interface
"3652:TCP"= 3652:TCP:Akamai NetSession Interface
"1474:TCP"= 1474:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"1086:TCP"= 1086:TCP:Akamai NetSession Interface
"1164:TCP"= 1164:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 11:12 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 7:16 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/24/2007 8:31 AM 24652]
S2 gupdate1c9b7eebc5c3ed2;Google Update Service (gupdate1c9b7eebc5c3ed2);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2009 9:07 PM 133104]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [9/15/2009 2:25 AM 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [9/15/2009 2:25 AM 218608]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [8/20/2008 1:36 PM 142976]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 02:06]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: warriornation.net\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ac3z4fhj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(2).dll
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(3).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(2).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(2).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010(3).dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(2).dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32(3).dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-02 12:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,56,c8,a3,ca,52,bc,43,96,99,7a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3616)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
.
**************************************************************************
.
Completion time: 2009-11-02 12:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 17:28
ComboFix2.txt 2009-11-02 16:15
ComboFix3.txt 2009-11-02 04:15

Pre-Run: 19,807,608,832 bytes free
Post-Run: 19,758,071,808 bytes free

- - End Of File - - BCD068C1A2DEA3EBCFA29403871BBD3B


Re: Personal Guard 2009 really making me mad

Post by Belahzur on Mon Nov 02, 2009 6:11 pm

Okay, one last log I want to see.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Mon Nov 02, 2009 6:20 pm

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Age of Empires III
Age of Empires III - The WarChiefs
AIM 6
Apple Software Update
AT&T Yahoo! Applications
Avira AntiVir Personal - Free Antivirus
Backyard Hockey 2005
Big Fish Games Client
Brain Training for Dummies®
Browser Address Error Redirector
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
Defender Pro PC Tune-up and Repair
DefenderPro AntiSpy
Diablo II
Digimax Master
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Driver Installer
Dungeons and Dragons Online™ - Eberron Unlimited™ - Live
DVD Solution
ebgcInfra
ebgcRes
ebgcSDK
Google Update Helper
Google Video Uploader
Hero Editor V0.96
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterActual Player
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Labtec WebCam Software
Labtec® Camera Driver
LEGO Racers 2
Lexmark 1200 Series
LimeWire PRO 4.12.10
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.5.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Network Play System (Patching)
NVIDIA Drivers
OpenOffice.org Installer 1.0
Pharaoh
Power2Go 4.0
PowerDVD
PowerVideoMaker Professional 2.9.1
QuickTime
RCA Detective 1.0.0.96
RCA Detective™ 2.0.0.99
RCA easyRip 2.1.7.0
RCA EasyRip™ 1.4.2.0
RealPlayer Basic
Realtek AC'97 Audio
ResumeMaker
ROSE Online Evolution
Roxio Easy Media Creator 7 Basic Edition
S500/S600 USB Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Soft Data Fax Modem with SmartCP
Soldier of Fortune II - Double Helix GOLD
Turbine Download Manager - Live
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Viewpoint Media Player
Windows Backup Utility
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Search Protection
Yahoo! Software Update


Re: Personal Guard 2009 really making me mad

Post by Belahzur on Mon Nov 02, 2009 6:23 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    J2SE Runtime Environment 5.0 Update 2
    Java(TM) 6 Update 15
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LimeWire PRO 4.12.10
    Viewpoint Media Player

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u
This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator


Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


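As an added illustration, not part of the thread and not code from any of the tools named in it: a small check that reads an Add/Remove Programs listing of the kind the poster pasted and flags the two categories this reply singles out, peer-to-peer clients and superseded Java runtimes. The P2P name markers, the JRE display-name pattern and the sample list are assumptions constructed for the example.

```python
import re

# Constructed sample: the entries the helper listed for removal, plus a few
# harmless ones so the filter has something to let through.
SAMPLE_ENTRIES = [
    "µTorrent",
    "J2SE Runtime Environment 5.0 Update 2",
    "Java(TM) 6 Update 15",
    "Java(TM) 6 Update 3",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 7",
    "LimeWire PRO 4.12.10",
    "Viewpoint Media Player",
    "WinRAR archiver",
    "Windows XP Service Pack 3",
]

# Name fragments that identify peer-to-peer file-sharing clients (assumed list).
P2P_MARKERS = ("limewire", "utorrent", "µtorrent", "bittorrent", "kazaa", "bearshare")

# Sun JRE display names of the era, e.g. "Java(TM) 6 Update 15" or
# "J2SE Runtime Environment 5.0 Update 2" (assumed pattern). Major version
# and update number are enough to order them.
JAVA_RE = re.compile(
    r"^(?:Java\(TM\) (\d+)|J2SE Runtime Environment (\d+)\.\d+) Update (\d+)$"
)


def java_version(name):
    """Return (major, update) for a JRE entry, or None if it is not one."""
    m = JAVA_RE.match(name)
    if not m:
        return None
    return (int(m.group(1) or m.group(2)), int(m.group(3)))


def triage(entries):
    """Split an Add/Remove list into P2P clients, stale JREs and the newest JRE.

    Side-by-side JRE installs leave older, unpatched runtimes on the machine;
    only the newest one should stay.
    """
    p2p = sorted(e for e in entries if any(k in e.lower() for k in P2P_MARKERS))
    jres = []
    for e in entries:
        version = java_version(e)
        if version:
            jres.append((version, e))
    jres.sort(reverse=True)  # newest runtime first
    newest = jres[0][1] if jres else None
    stale = sorted(name for _, name in jres[1:])
    return {"p2p": p2p, "stale_java": stale, "newest_java": newest}
```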

Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Mon Nov 02, 2009 6:37 pm

Seems to be running better. So far no pop-ups or anything else that was happening with the PG2009. My wireless seems to still be running slow, but I may need to go reset the modem.

Many thanks, you all rock.

Will post if something comes up.

Thanks Again.

Bashcc73
Novice


Posts : 16
Joined : 2009-10-31
Gender : Male
OS : XP



Re: Personal Guard 2009 really making me mad

Post by Belahzur on Mon Nov 02, 2009 6:41 pm

No problem.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.




Belahzur
Administrator


Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre



Re: Personal Guard 2009 really making me mad

Post by Bashcc73 on Mon Nov 02, 2009 7:10 pm

Thank you again for the help. I added the add-ons for Firefox and also grabbed SpywareBlaster. Hope to not have this issue again, but if I do, nice to know that there are people such as yourself that are willing to take the time to lend a hand.

God Bless

Bashcc73
Novice


Posts : 16
Joined : 2009-10-31
Gender : Male
OS : XP

