Infections.


Post by Chriss on 8th April 2010, 3:56 pm

Hi, I recently removed the rogue XP Security 2010, or at least I think I removed it, but now after that removal my web pages turn to random advertisements. It doesn't always, but it does so frequently. And on startup I get these error popups where my screen just turns to my background after closing them. I used Task Manager to open up the browser, and then the icons and taskbar come back up. I ran Malwarebytes and AVG but the problem is still there. Any help would be greatly appreciated. Thanks in advance.

-edit- By the way VIPRE kept on popping up some message about the Virus.W32, a bad sign I believe?

The log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:08 AM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Desktop\winlogon(2).scr
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [fzwkht] RUNDLL32.EXE C:\WINDOWS\system32\msuqddft.dll,w
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [COMODO System Cleaner Finalize All] "C:\Program Files\COMODO\COMODO System-Cleaner\CSC.EXE" //delete_all
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Policies\Explorer\Run: [vrna] C:\DOCUME~1\User\LOCALS~1\Temp\s0q6.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {10365E63-8510-444A-87F9-AECEE4B50A8A} (GlbNetmarbleGameStarter Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} (NetmarbleAutoUpdater Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} (GlbNetmarbleWebMessenger Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 7846 bytes


Re: Infections.

Post by Dr Jay on 8th April 2010, 7:34 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)




Re: Infections.

Post by Chriss on 8th April 2010, 9:04 pm

Sorry for the late reply.

Here's the log:

ComboFix 10-04-07.04 - User 04/08/2010 16:35:15.2.2 - x86
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\_VOIDmfeklnmal.dll
c:\documents and settings\LocalService\Local Settings\Application Data\ave.exe
c:\program files\SGPSA
c:\windows\Fonts\services.exe
c:\windows\irc.txt
c:\windows\patchw.dll
c:\windows\system32\2176432.exe
c:\windows\system32\2228.exe
c:\windows\system32\2765772.exe
c:\windows\system32\3194.exe
c:\windows\system32\5888925.exe
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\ctfmon .exe
c:\windows\system32\driVERs\fikkgty.sys
c:\windows\system32\Install.txt
c:\windows\system32\ms.bin
c:\windows\system32\msuqddft.dll
c:\windows\system32\opear.exe
c:\windows\system32\PowerDes.exe
c:\windows\system32\so.bin
c:\windows\system32\Thumbs.db
c:\windows\system32\w.exe

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

c:\windows\system32\clipsrv.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSVC
-------\Legacy_NPF
-------\Legacy_SEAGATE
-------\Legacy__VOIDQWBDMXTKOS
-------\Service__VOIDqwbdmxtkos
-------\Legacy_fikkgty
-------\Service_fikkgty


((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 20:29 . 2010-04-09 01:37 36864 ----a-w- c:\windows\system32\d.bin
2010-04-08 15:36 . 2010-04-08 15:36 -------- d-----w- c:\windows\system32\Events
2010-04-08 04:55 . 2010-04-08 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-08 04:55 . 2010-04-08 04:55 -------- d-----w- c:\program files\NOS
2010-04-08 04:54 . 2010-03-22 19:53 32576 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gux2rxp0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-04-08 04:54 . 2010-03-22 19:53 29984 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gux2rxp0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-04-08 04:02 . 2010-04-08 04:02 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AVG Security Toolbar
2010-04-08 00:22 . 2010-02-23 18:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-04-07 22:34 . 2010-04-07 22:34 -------- d-----w- C:\$AVG
2010-04-07 22:30 . 2010-04-07 22:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-07 22:30 . 2010-04-07 22:30 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-07 22:30 . 2010-04-07 22:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-07 22:30 . 2010-04-07 22:30 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-07 22:30 . 2010-04-07 22:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-07 22:30 . 2010-04-08 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-07 22:05 . 2010-04-07 22:14 31492 ----a-w- c:\windows\crpf.bin
2010-04-07 22:05 . 2010-04-07 22:14 31032 ----a-w- c:\windows\crpf_sdum.bin
2010-04-07 22:05 . 2010-04-07 22:05 597416 ----a-w- c:\windows\csdf_sdum.dat
2010-04-07 22:05 . 2010-04-07 22:05 1234512 ----a-w- c:\windows\csdf.dat
2010-04-07 20:57 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 20:57 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 20:57 . 2010-04-07 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 18:08 . 2010-04-07 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-07 18:08 . 2010-04-07 18:08 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-04-07 18:08 . 2010-04-07 18:08 -------- d-----w- c:\program files\Yahoo!
2010-04-07 18:08 . 2010-04-07 18:08 -------- d-----w- c:\program files\CCleaner
2010-04-07 17:01 . 2010-04-07 17:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-07 08:09 . 2010-04-07 08:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-07 05:14 . 2010-04-07 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-04-07 05:13 . 2010-04-07 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-04-07 05:13 . 2010-04-07 05:13 -------- d-----w- c:\program files\Common Files\iS3
2010-04-07 05:01 . 2010-04-07 05:01 4 ----a-w- c:\program files\107906.dat
2010-04-07 04:27 . 2010-04-07 04:27 -------- d-----w- c:\documents and settings\Chrissy\Local Settings\Application Data\Adobe
2010-04-07 04:19 . 2010-04-07 04:20 -------- d-----w- c:\documents and settings\Chrissy
2010-04-07 03:02 . 2010-04-07 03:02 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-04-07 00:47 . 2010-04-07 00:47 118 ----a-w- C:\tujserrew.bat
2010-04-07 00:47 . 2010-04-07 23:39 -------- d-----w- c:\documents and settings\User\Application Data\8284A18042AA219404A30DBF8510C855
2010-03-29 08:35 . 2010-03-29 08:35 -------- d-----w- c:\windows\Internet Logs
2010-03-29 08:11 . 2010-03-29 08:11 -------- d-----w- c:\documents and settings\User\Application Data\CheckPoint
2010-03-29 08:11 . 2010-03-29 08:35 -------- d-----w- c:\program files\CheckPoint
2010-03-29 08:11 . 2010-03-29 08:11 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-29 07:50 . 2010-04-01 21:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp
2010-03-29 07:49 . 2010-03-29 07:50 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2010-03-28 19:50 . 2010-03-28 19:50 -------- d-----w- c:\documents and settings\User\Application DataComodoGroup
2010-03-28 19:47 . 2010-03-28 19:47 -------- d-----w- c:\documents and settings\User\Application Data\ComodoGroup
2010-03-28 19:46 . 2010-03-28 19:46 -------- d-----w- c:\program files\COMODO
2010-03-28 19:43 . 2010-04-02 03:56 -------- d-----w- c:\documents and settings\User\Application Data\IObit
2010-03-21 00:27 . 2010-03-21 00:27 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Real
2010-03-21 00:26 . 2010-03-21 00:26 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-14 15:38 . 2010-03-14 16:03 -------- d-----w- c:\documents and settings\User\Application Data\NeopleLauncherDFO
2010-03-14 10:46 . 2010-03-14 10:46 -------- d-----w- C:\Nexon
2010-03-11 02:40 . 2009-10-23 15:28 3583488 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 01:33 . 2010-04-08 20:53 92672 ----a-w- c:\windows\system32\w.exe
2010-04-09 01:33 . 2010-04-08 20:53 35840 ----a-w- c:\windows\system32\ms.bin
2010-04-09 01:33 . 2010-04-08 20:53 44032 ----a-w- c:\windows\system32\so.bin
2010-04-08 20:53 . 2010-04-08 20:53 200192 ----a-w- c:\windows\system32\5476908.exe
2010-04-08 20:53 . 2010-04-08 20:53 36865 ----a-w- c:\windows\system32\msuqddft.dll
2010-04-08 20:53 . 2010-04-08 20:53 168178 ----a-w- c:\windows\system32\6709559.exe
2010-04-08 15:51 . 2008-01-12 18:28 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-08 04:48 . 2008-01-12 19:03 -------- d-----w- c:\program files\Java
2010-04-08 04:22 . 2009-12-04 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-08 03:35 . 2008-08-17 22:53 29184 ------w- c:\windows\system32\spupdwxp.exe
2010-04-08 01:41 . 2009-11-17 05:12 -------- d-----w- c:\program files\iTunes
2010-04-08 01:34 . 2009-12-10 22:59 0 ----a-w- c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat
2010-04-08 01:13 . 2008-01-12 18:35 -------- d-----w- c:\program files\Realtek AC97
2010-04-08 01:10 . 2009-11-17 05:06 -------- d-----w- c:\program files\QuickTime
2010-04-08 01:04 . 2008-01-12 18:15 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-07 23:41 . 2008-01-12 18:31 -------- d-----w- c:\program files\ltmoh
2010-04-07 23:09 . 2009-06-27 19:38 46080 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\amoinst.exe
2010-04-07 23:04 . 2004-07-09 09:08 480768 ----a-w- c:\program files\dxsetup.exe
2010-04-07 22:36 . 2008-08-27 20:25 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-07 22:16 . 2008-01-12 18:35 10540032 ----a-w- c:\windows\system32\RTLCPL.exe
2010-04-07 22:13 . 2009-03-02 02:19 396800 ----a-w- c:\windows\system32\CF26379.exe
2010-04-07 22:12 . 2009-09-28 17:19 74240 ----a-w- c:\windows\IFinst27.exe
2010-04-07 22:11 . 2001-08-23 08:00 23552 ----a-w- c:\windows\system32\taskman.exe
2010-04-07 22:10 . 2006-09-20 05:09 44032 ----a-w- c:\windows\system32\qfecheck.exe
2010-04-07 22:09 . 2008-08-17 22:49 17920 ------w- c:\windows\system32\comsdupd.exe
2010-04-07 22:04 . 2006-09-20 05:09 93184 ----a-w- c:\windows\system32\pintool.exe
2010-04-07 22:02 . 2008-01-12 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 21:49 . 2006-09-20 05:09 36864 ----a-w- c:\windows\system32\verclsid.exe
2010-04-07 06:23 . 2010-04-07 06:21 1216 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-07 04:26 . 2010-04-07 04:26 4 ----a-w- c:\program files\91953.dat
2010-04-02 03:56 . 2010-03-05 21:05 -------- d-----w- c:\program files\IObit
2010-03-23 02:14 . 2009-08-25 11:18 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-03-21 00:26 . 2010-03-21 00:26 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-21 00:26 . 2010-03-21 00:26 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-21 00:26 . 2010-03-21 00:26 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-21 00:26 . 2010-03-21 00:26 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-21 00:26 . 2010-03-21 00:26 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-21 00:26 . 2010-03-21 00:26 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-21 00:26 . 2010-03-21 00:26 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-21 00:26 . 2010-03-21 00:26 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-21 00:26 . 2008-04-25 22:15 -------- d-----w- c:\program files\Common Files\Real
2010-03-21 00:26 . 2010-03-21 00:24 -------- d-----w- c:\program files\real
2010-03-21 00:25 . 2010-03-21 00:25 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-21 00:24 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-21 00:24 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-14 10:45 . 2008-08-08 14:56 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-03-14 10:45 . 2008-08-08 14:56 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-03-14 10:45 . 2008-08-08 14:56 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-03-14 10:45 . 2008-08-08 14:56 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-03-14 10:45 . 2008-08-08 14:56 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-03-07 08:13 . 2008-10-10 01:00 -------- d-----w- c:\program files\Steam
2010-03-07 04:18 . 2010-03-07 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-07 04:16 . 2010-03-07 04:16 -------- d-----w- c:\documents and settings\User\Application Data\Office Genuine Advantage
2010-03-05 21:36 . 2008-01-12 18:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 21:03 . 2010-03-05 21:03 -------- d-----w- c:\documents and settings\User\Application Data\ijjigame
2010-03-05 18:48 . 2010-03-05 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2010-02-25 06:24 . 2006-09-20 05:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-17 02:16 . 2010-02-17 02:16 84480 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.64.0A.dll
2010-02-17 02:16 . 2010-02-17 02:16 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
2010-01-09 16:49 . 2010-01-09 16:49 43968 ---ha-w- c:\windows\system32\mlfcache.dat
2009-03-03 00:10 . 2009-03-01 21:30 5211 ----a-w- c:\program files\vacache.dat
2004-07-22 15:51 . 2004-07-22 15:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-20 03:58 . 2004-07-20 03:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-20 03:53 . 2004-07-20 03:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 19:17 . 2004-07-09 19:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 14:13 . 2004-07-09 14:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 14:13 . 2004-07-09 14:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 09:08 . 2004-07-09 09:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 08:03 . 2004-07-09 08:03 62976 ----a-w- c:\program files\DSETUP.dll
.
c:\program files\COMODO\COMODO System-Cleaner\csc .exe
c:\program files\QuickTime\qttask            .exe
c:\windows\ime\imjp8_1\imjpmig .exe
c:\windows\ime\imkr6_1\imekrmig .exe
c:\windows\system32\IME\TINTLGNT\tintsetp .exe

------- Sigcheck -------

[-] 2008-04-14 . 6C0C579E519922C2F9AF713D42C66CB6 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 81AE99ED11AFE83A038D750F986A68D2 . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2008-04-14 . 4EA2EA3DF5FFAF5E9C07247867089A54 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2006-09-20 . 0B1D25C9B37B0032A6792A815C8D8C3F . 82944 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . B6FCCEA73F9E40AAD596833812649A1B . 50688 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . B9308E1B556F266F1667AFDBC427ECB3 . 50688 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2008-04-14 . 40C810F612B10DFDA93A1968B0BBEAC3 . 50688 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . 66BA812EFBC23013D8B93D637FC4EBE6 . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . B1034E6768CD996027BE49CBEC4E7FF4 . 1058304 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7FFC0FD7357C98C05EA246C4BC75E8A8 . 1057792 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2006-09-20 . F27E3CEB58F7F03A1442BEF95525FEC9 . 1056768 . . [6.00.2900.2649] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2010-04-08 . 921A57BBD39BD54E1E64553EE2CB048E . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2008-04-14 . A1D31D227BC6499CDC5A618A82CF2AF5 . 38400 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F5451240842AFF01E603EC39092B1D64 . 38400 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 4FC2CCA525ECF4A2A094086933A97EF8 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 738929F55A971C57FA79BED4A8AB585A . 39936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2008-04-14 . A9898C570A41CF4C73AA5159BFFBC3D3 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-04 . EDE0A25E68309E925BB34DF1C72BB66B . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-14 6725632]
"nwiz"="nwiz.exe" [N/A]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-09-20 233472]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 68608]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 480256]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 480256]
"fzwkht"="c:\windows\system32\msuqddft.dll" [2010-04-08 36865]
"COMODO System Cleaner Finalize All"="c:\program files\COMODO\COMODO System-Cleaner\CSC.EXE" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"exec"="c:\windows\fonts\services.exe" [2008-04-14 151552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-07 22:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-02-20 20:00 88363 ----a-w- c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-04-07 22:28 2059544 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
c:\program files\HP\hpcoretech\hpcmpmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 16:24 73728 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 180224 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 01:24 57344 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-21 07:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"gusvc"=3 (0x3)
"avg9wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\steamapps\\visor202\\counter-strike\\hl.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"Game.exe"= Game.exe:GostSoul
"c:\\Program Files\\Steam\\steamapps\\visor202\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\illusion03\\day of defeat\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\illusion03\\counter-strike\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\steam\\steamapps\\visor202\\counter-strike\\hl.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7769:TCP"= 7769:TCP:*:Disabled:SolidNetworkManager
"7769:UDP"= 7769:UDP:*:Disabled:SolidNetworkManager

R0 CFRMD;CFRMD;c:\windows\System32\drivers\CFRMD.sys [x]
R0 mgwlaou;mgwlaou;c:\windows\System32\drivers\ojin.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R2 njvsdbmvnh;njvsdbmvnh;c:\windows\system32\drivers\eselp.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-16 3465452]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys [x]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 49152]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-08-12 19020]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-07 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 20:28]

2010-02-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-04-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-688789844-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-04-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-688789844-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-03-28 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-28 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {10365E63-8510-444A-87F9-AECEE4B50A8A} - [You must be registered and logged in to see this link.]
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - [You must be registered and logged in to see this link.]
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gux2rxp0.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gux2rxp0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMNetmarbleDownload.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMStarter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMSystemInformer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMWebMessengerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-SBAMSvc
SafeBoot-SBPIMSvc
AddRemove-HijackThis - c:\documents and settings\User\My Documents\Downloads\HijackThis.exe
AddRemove-HP Photo & Imaging - c:\program files\HP\Digital Imaging\uninstall\hpzscr01.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-08 16:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C1CAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8814f28
\Driver\ACPI -> ACPI.sys @ 0xf8767cb8
\Driver\atapi -> atapi.sys @ 0xf86db852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Atheros AR5001X+ Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf85e7bd4
PacketIndicateHandler -> NDIS.sys @ 0xf85f3a21
SendHandler -> NDIS.sys @ 0xf85e7d44
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-688789844-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{330BC7EB-7459-E22D-2B68-73FE97BD08EF}*]
"damgljgo"=hex:64,62,6c,62,70,67,6f,66,65,68,69,6b,61,66,6b,66,6f,66,66,66,67,
6e,63,66,66,6f,64,62,63,61,66,6a,66,6f,6b,69,69,70,66,6c,00,00
"iapajgihcbpafjgeik"=hex:6b,61,67,6c,63,65,6d,68,6c,6b,66,6a,6a,70,65,6b,64,68,
70,61,62,62,00,00
"hajblgfnjihpfaaa"=hex:6b,61,67,6c,63,65,6d,68,6c,6b,66,6a,6a,70,65,6b,64,68,
70,61,62,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\WININET.dll
c:\windows\system32\msuqddft.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\w.exe
c:\windows\System32\Rundll32.exe
.
**************************************************************************
.
Completion time: 2010-04-08 17:02:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 21:02

Pre-Run: 48,012,976,128 bytes free
Post-Run: 48,119,156,736 bytes free

Current=1 Default=1 Failed=9 LastKnownGood=2 Sets=1,2,3,4,5,6,7,9
- - End Of File - - 35E67AC53B25085BE595C5B74E40F0EF

Chriss
Beginner

Posts : 3
Joined : 2010-04-08
OS : XP
Points : 24393
Likes : 0

Re: Infections.

Post by Chriss on 9th April 2010, 4:08 am

Ugh, sad to say, but the XP Smart Security popped up once again. And again it doesn't let me open Malwarebytes. Any help would be appreciated.


Re: Infections.

Post by Dr Jay on 9th April 2010, 4:18 am

Your computer is infected with a dangerous infection:
[You must be registered and logged in to see this link.]

We have hit a dead end. Please tell me when you have completed a reformat and reinstall.

I am sorry for the bad news. I do not understand why these mean people make such harsh viruses, and I wish there was a way to clean your system without everything being damaged. But the problem is that, in cleaning the system, most files will be damaged. It is like trying to clean up a city that has just had a tornado or hurricane run through it. It takes rebuilding, and time to set back up.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13810
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302437
Likes : 10
