vimax ads everywhere - alureon?

ComboFix 09-08-24.05 - Administrator 08/24/2009 21:19.3.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.614 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\yhusol.scr
c:\documents and settings\All Users\Documents\itydu.scr
c:\documents and settings\All Users\Documents\tigihypoku.scr
c:\documents and settings\BOB!\Application Data\jatilyr.bat
c:\documents and settings\BOB!\Cookies\emilybemil.com
c:\documents and settings\BOB!\Local Settings\Application Data\ulelihire.exe
c:\program files\Common Files\fybuguta.vbs
c:\program files\Common Files\jovuko.sys
c:\program files\Common Files\mesuzehih.pif
c:\program files\Common Files\pomogodi.com
c:\program files\Common Files\vevulabi.reg
c:\windows\ihejony.ban
c:\windows\ipyfov.bin
c:\windows\kobokus._dl
c:\windows\system32\ecoga.reg
c:\windows\system32\etoti.pif

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2103-01-01 06:05 . 2005-06-28 02:37 133632 ----a-w- c:\windows\system32\CtDvInst.dll
2009-08-25 01:09 . 2009-08-25 01:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-25 01:08 . 2009-08-25 01:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-25 01:06 . 2009-08-25 01:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-24 01:08 . 2009-08-24 01:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-08-24 00:25 . 2009-08-24 00:26 -------- d-----w- c:\program files\Unlocker
2009-08-23 19:01 . 2009-08-23 19:01 -------- d-----w- c:\documents and settings\BOB!\DoctorWeb
2009-08-23 16:54 . 2009-08-23 16:54 -------- d-sh--w- c:\documents and settings\BOB!\PrivacIE
2009-08-23 16:22 . 2009-08-25 01:02 33824 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-23 16:22 . 2009-08-25 01:02 2716704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\program files\ParetoLogic
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-23 01:43 . 2009-08-05 23:29 3036024 ----a-w- c:\documents and settings\BOB!\Application Data\Simply Super Software\Trojan Remover\wwl2.exe
2009-08-23 01:25 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-23 01:25 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-23 01:25 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-23 01:25 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-08-23 01:25 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-23 01:25 . 2009-08-23 01:26 -------- d-----w- c:\program files\Trojan Remover
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\BOB!\Application Data\Simply Super Software
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-23 00:49 . 2009-08-22 21:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-22 23:25 . 2009-08-22 23:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-22 21:23 . 2009-08-22 21:23 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-08-22 21:23 . 2009-08-22 21:23 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-08-22 21:23 . 2009-08-22 21:23 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-08-22 21:23 . 2009-08-22 21:23 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-08-22 21:23 . 2009-08-22 21:23 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-08-22 21:23 . 2009-08-22 21:23 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-08-22 21:22 . 2009-08-22 21:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-22 21:22 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-08-22 16:40 . 2009-08-22 16:40 5519752 ----a-w- c:\documents and settings\BOB!\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
2009-08-22 16:40 . 2009-08-22 16:40 -------- d-----w- c:\documents and settings\BOB!\Application Data\TVU networks
2009-08-21 23:21 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-08-21 23:21 . 2009-08-21 23:26 -------- d-----w- c:\program files\SpywareBlaster
2009-08-21 04:53 . 2009-08-21 04:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 04:53 . 2009-08-21 04:53 -------- d-----w- c:\program files\MSBuild
2009-08-21 04:53 . 2009-08-21 04:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 04:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 04:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 04:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 04:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 04:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 04:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 04:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 01:54 . 2009-08-21 01:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-21 01:52 . 2009-08-21 01:52 -------- d-sh--w- c:\documents and settings\BOB!\IETldCache
2009-08-21 01:35 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-21 01:35 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-21 01:35 . 2009-08-21 01:35 -------- d-----w- c:\windows\ie8updates
2009-08-21 01:33 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-21 01:17 . 2009-08-21 01:32 -------- dc-h--w- c:\windows\ie8
2009-08-20 23:51 . 2009-08-20 23:51 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-20 23:43 . 2009-08-20 23:43 83490 ----a-w- C:\cc_20090820_194255.reg
2009-08-20 12:38 . 2009-08-20 12:38 84992 ----a-w- c:\windows\system32\msihost.exe
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-12 12:34 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 01:02 . 2009-08-23 16:22 4220 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-25 01:02 . 2009-08-23 16:22 37460 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-24 23:44 . 2008-08-18 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-24 12:30 . 2009-06-23 01:23 -------- d-----w- c:\program files\Xfire
2009-08-24 02:05 . 2009-06-23 01:23 -------- d-----w- c:\documents and settings\BOB!\Application Data\Xfire
2009-08-24 01:12 . 2007-08-03 01:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-24 01:12 . 2007-08-03 01:42 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-24 00:36 . 2008-11-05 02:51 -------- d-----w- c:\program files\mIRC
2009-08-23 01:47 . 2008-03-02 23:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 21:22 . 2006-04-10 21:28 -------- d-----w- c:\program files\Lavasoft
2009-08-22 19:14 . 2006-04-10 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-22 19:12 . 2006-04-10 21:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-22 16:40 . 2005-09-07 03:16 19936 ----a-w- c:\documents and settings\BOB!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 20:05 . 2009-05-13 00:44 117760 ----a-w- c:\documents and settings\BOB!\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-21 01:57 . 2007-02-12 19:07 -------- d-----w- c:\program files\Eraser
2009-08-20 23:54 . 2009-08-20 23:54 16774 ----a-w- c:\program files\Common Files\losi._sy
2009-08-20 23:54 . 2009-08-20 23:54 11996 ----a-w- c:\program files\Common Files\unawis._sy
2009-08-20 23:54 . 2009-08-20 23:54 11635 ----a-w- c:\program files\Common Files\falase.db
2009-08-20 23:51 . 2009-03-18 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 23:07 . 2009-05-13 00:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-20 22:23 . 2006-05-02 21:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-20 22:10 . 2007-08-26 22:22 -------- d-----w- c:\documents and settings\BOB!\Application Data\Azureus
2009-08-16 18:40 . 2008-08-18 01:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 18:40 . 2008-08-18 01:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 18:40 . 2008-08-18 01:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 03:55 . 2007-09-26 05:59 7114736 ----a-w- c:\documents and settings\BOB!\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-08-15 03:54 . 2007-08-26 22:20 -------- d-----w- c:\program files\Azureus
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-03-18 17:32 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-03-18 17:32 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 22:39 . 2005-11-10 05:35 -------- d-----w- c:\program files\PokerStars
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 03:58 . 2005-09-07 03:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 00:12 . 2009-07-02 00:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2009-06-30 04:48 . 2009-04-08 19:48 -------- d-----w- c:\documents and settings\BOB!\Application Data\Skype
2009-06-30 02:48 . 2009-04-08 19:49 -------- d-----w- c:\documents and settings\BOB!\Application Data\skypePM
2009-06-27 15:30 . 2008-11-05 04:23 1878984 ----a-w- c:\documents and settings\BOB!\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 02:43 . 2006-05-06 07:56 249856 ------w- c:\windows\Setup1.exe
2009-06-25 02:43 . 2006-05-06 07:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2005-09-07 00:14 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ------w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 18:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BOB!^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\BOB!\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8emc"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"Lavasoft Ad-Aware Service"=3 (0x3)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\quake3\\quake3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\BOB!\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Steam\\steamapps\\cvsharhar@netscape.net\\team fortress classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\cvsharhar@netscape.net\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaws.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/22/2009 5:24 PM 64160]
R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [1/11/2001 6:00 AM 12032]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2008 9:34 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2008 9:34 PM 335240]
S1 cdudf;cdudf;c:\windows\system32\drivers\Cdudf.sys [1/11/2001 9:00 AM 228736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
S3 iComp;Hauppauge WinTV PVR USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [10/25/2005 8:42 PM 1454208]
S3 krdpdre;krdpdre;\??\c:\docume~1\BOB!\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\BOB!\LOCALS~1\Temp\krdpdre.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:23]

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-08-24 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-08-23 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-08-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]

2009-08-24 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
.
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj03g1s1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
 
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-24 21:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1614895754-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,c0,a7,9a,44,82,f0,44,8e,1d,df,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,c0,a7,9a,44,82,f0,44,8e,1d,df,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-25 21:30
ComboFix-quarantined-files.txt 2009-08-25 01:29

Pre-Run: 5,491,875,840 bytes free
Post-Run: 5,461,098,496 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
287 --- E O F --- 2009-08-21 22:40
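Reading a ComboFix log like the one above is mostly pattern-spotting: loose files with odd extensions dropped straight into Common Files or the Windows root, a driver whose image lives in a user's Temp folder, timestamps that make no sense. As an added example (not ComboFix output and not a tool from this thread), the Python script below applies those heuristics to a handful of lines copied from the first log. The extension list, the "subfolder-only" directories and the UTC scan date are my assumptions; the findings are leads for a human to check, not verdicts.

```python
"""Triage heuristics for ComboFix-style log lines.

Added example, not ComboFix's own code. The sample lines are copied from the
log in this thread; the lists, thresholds and scan date are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: lines taken from the "Other Deletions", "Files Created",
# "Find3M" and driver sections of the first ComboFix log above.
SAMPLE_LOG = r"""
c:\program files\Common Files\jovuko.sys
c:\windows\ihejony.ban
2103-01-01 06:05 . 2005-06-28 02:37 133632 ----a-w- c:\windows\system32\CtDvInst.dll
2009-08-20 23:54 . 2009-08-20 23:54 16774 ----a-w- c:\program files\Common Files\losi._sy
2009-08-20 23:54 . 2009-08-20 23:54 11635 ----a-w- c:\program files\Common Files\falase.db
2009-08-16 18:40 . 2008-08-18 01:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 01:09 . 2009-08-25 01:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/22/2009 5:24 PM 64160]
S3 krdpdre;krdpdre;\??\c:\docume~1\BOB!\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\BOB!\LOCALS~1\Temp\krdpdre.sys [?]
"""

# Header says 08/24/2009 21:19 at GMT -4; the file listing uses UTC (assumption
# drawn from the log itself), so the scan started at 2009-08-25 01:19 UTC.
SCAN_DATE = datetime(2009, 8, 25, 1, 19)

# Assumption: extensions one expects under c:\windows and c:\program files.
COMMON_EXTS = {".exe", ".dll", ".sys", ".ocx", ".drv", ".cpl", ".ax", ".tlb",
               ".nls", ".dat", ".idx", ".log", ".ini", ".txt", ".job", ".reg", ".db"}
# Assumption: these directories normally hold only subfolders, so a loose file is odd.
SUBFOLDER_ONLY = {"c:\\program files\\common files", "c:\\windows"}

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>\S+)")


@dataclass
class Finding:
    item: str       # file name or driver image name
    reasons: list


def _parts(path):
    p = path.lower()
    parent, _, base = p.rpartition("\\")
    dot = base.rfind(".")
    return parent, base, (base[dot:] if dot > 0 else "")


def triage_path(path, created=None, attrs="--------"):
    """Heuristics for one file path; `created` is the first timestamp, if any."""
    parent, _, ext = _parts(path)
    reasons = []
    if not attrs.startswith("d"):
        in_system = parent.startswith("c:\\windows") or parent.startswith("c:\\program files")
        if ext and ext not in COMMON_EXTS and in_system:
            reasons.append(f"unusual extension {ext} in a system location")
        if parent in SUBFOLDER_ONLY:
            reasons.append("loose file in a directory that normally holds only subfolders")
    if created and datetime.strptime(created, "%Y-%m-%d %H:%M") > SCAN_DATE:
        reasons.append("creation timestamp is later than the scan date")
    return reasons


def triage_driver(image, raw_line):
    """Heuristics for an R*/S* driver or service entry."""
    reasons = []
    if "\\temp\\" in image.lower():
        reasons.append("driver image loads from a Temp directory")
    if raw_line.endswith("[?]"):
        reasons.append("ComboFix could not find or size the image file")
    return reasons


def triage_log(text):
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            item, reasons = m["path"], triage_path(m["path"], m["created"], m["attrs"])
        elif m := SERVICE_RE.match(line):
            item, reasons = m["image"], triage_driver(m["image"], line)
        elif line.lower().startswith("c:\\"):
            item, reasons = line, triage_path(line)
        else:
            continue
        if reasons:
            findings.append(Finding(item.rsplit("\\", 1)[-1], reasons))
    return findings


def run_sample():
    """Map each flagged name in the constructed sample to its reasons."""
    return {f.item: f.reasons for f in triage_log(SAMPLE_LOG)}


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.item}: {'; '.join(f.reasons)}")
```

On the sample this flags the two Common Files leftovers and the `.ban` file in the Windows root, the `krdpdre.sys` driver registered from a Temp directory that ComboFix could not even locate, and the 2103 timestamp on CtDvInst.dll; the AVG DLL, the Lbd driver and the Mozilla directory pass. A future timestamp is a reason to look, not proof of infection, which is why every hit carries its reason string rather than a verdict.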
 
Reboot into Normal Mode and see if you can run it; if not, run it in Safe Mode again and post its log so I can see if it is still finding items. Then run Malwarebytes again and post its log, and finally post a new HijackThis log.
 
Alrighty sir, ComboFix doesn't work in normal mode, I tried again.

Worked in Safe Mode again. Hold tight, I'll get the other ones to you soon.

ComboFix 09-08-24.05 - Administrator 08/24/2009 22:19.4.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.612 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2103-01-01 06:05 . 2005-06-28 02:37 133632 ----a-w- c:\windows\system32\CtDvInst.dll
2009-08-25 01:09 . 2009-08-25 01:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-25 01:08 . 2009-08-25 01:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-25 01:06 . 2009-08-25 01:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-24 01:08 . 2009-08-24 01:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-08-24 00:25 . 2009-08-24 00:26 -------- d-----w- c:\program files\Unlocker
2009-08-23 19:01 . 2009-08-23 19:01 -------- d-----w- c:\documents and settings\BOB!\DoctorWeb
2009-08-23 16:54 . 2009-08-23 16:54 -------- d-sh--w- c:\documents and settings\BOB!\PrivacIE
2009-08-23 16:22 . 2009-08-25 02:14 36640 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-23 16:22 . 2009-08-25 02:14 2750752 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\program files\ParetoLogic
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-08-23 16:13 . 2009-08-23 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-23 01:43 . 2009-08-05 23:29 3036024 ----a-w- c:\documents and settings\BOB!\Application Data\Simply Super Software\Trojan Remover\wwl2.exe
2009-08-23 01:25 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-23 01:25 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-23 01:25 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-23 01:25 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-08-23 01:25 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-23 01:25 . 2009-08-23 01:26 -------- d-----w- c:\program files\Trojan Remover
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\BOB!\Application Data\Simply Super Software
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-23 00:49 . 2009-08-22 21:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-22 23:25 . 2009-08-22 23:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-22 21:23 . 2009-08-22 21:23 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-08-22 21:23 . 2009-08-22 21:23 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-08-22 21:23 . 2009-08-22 21:23 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-08-22 21:23 . 2009-08-22 21:23 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-08-22 21:23 . 2009-08-22 21:23 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-08-22 21:23 . 2009-08-22 21:23 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-08-22 21:22 . 2009-08-22 21:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-22 21:22 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-08-22 16:40 . 2009-08-22 16:40 5519752 ----a-w- c:\documents and settings\BOB!\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
2009-08-22 16:40 . 2009-08-22 16:40 -------- d-----w- c:\documents and settings\BOB!\Application Data\TVU networks
2009-08-21 23:21 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-08-21 23:21 . 2009-08-21 23:26 -------- d-----w- c:\program files\SpywareBlaster
2009-08-21 04:53 . 2009-08-21 04:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 04:53 . 2009-08-21 04:53 -------- d-----w- c:\program files\MSBuild
2009-08-21 04:53 . 2009-08-21 04:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 04:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 04:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 04:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 04:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 04:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 04:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 04:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 01:54 . 2009-08-21 01:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-21 01:52 . 2009-08-21 01:52 -------- d-sh--w- c:\documents and settings\BOB!\IETldCache
2009-08-21 01:35 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-21 01:35 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-21 01:35 . 2009-08-21 01:35 -------- d-----w- c:\windows\ie8updates
2009-08-21 01:33 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-21 01:17 . 2009-08-21 01:32 -------- dc-h--w- c:\windows\ie8
2009-08-20 23:51 . 2009-08-20 23:51 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-20 23:43 . 2009-08-20 23:43 83490 ----a-w- C:\cc_20090820_194255.reg
2009-08-20 12:38 . 2009-08-20 12:38 84992 ----a-w- c:\windows\system32\msihost.exe
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-12 12:34 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 02:14 . 2009-08-23 16:22 4484 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-25 02:14 . 2009-08-23 16:22 37916 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-25 01:39 . 2008-08-18 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-24 12:30 . 2009-06-23 01:23 -------- d-----w- c:\program files\Xfire
2009-08-24 02:05 . 2009-06-23 01:23 -------- d-----w- c:\documents and settings\BOB!\Application Data\Xfire
2009-08-24 01:12 . 2007-08-03 01:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-24 01:12 . 2007-08-03 01:42 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-24 00:36 . 2008-11-05 02:51 -------- d-----w- c:\program files\mIRC
2009-08-23 01:47 . 2008-03-02 23:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 21:22 . 2006-04-10 21:28 -------- d-----w- c:\program files\Lavasoft
2009-08-22 19:14 . 2006-04-10 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-22 19:12 . 2006-04-10 21:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-22 16:40 . 2005-09-07 03:16 19936 ----a-w- c:\documents and settings\BOB!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 20:05 . 2009-05-13 00:44 117760 ----a-w- c:\documents and settings\BOB!\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-21 01:57 . 2007-02-12 19:07 -------- d-----w- c:\program files\Eraser
2009-08-20 23:54 . 2009-08-20 23:54 16774 ----a-w- c:\program files\Common Files\losi._sy
2009-08-20 23:54 . 2009-08-20 23:54 11996 ----a-w- c:\program files\Common Files\unawis._sy
2009-08-20 23:54 . 2009-08-20 23:54 11635 ----a-w- c:\program files\Common Files\falase.db
2009-08-20 23:51 . 2009-03-18 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 23:07 . 2009-05-13 00:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-20 22:23 . 2006-05-02 21:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-20 22:10 . 2007-08-26 22:22 -------- d-----w- c:\documents and settings\BOB!\Application Data\Azureus
2009-08-16 18:40 . 2008-08-18 01:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 18:40 . 2008-08-18 01:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 18:40 . 2008-08-18 01:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 03:55 . 2007-09-26 05:59 7114736 ----a-w- c:\documents and settings\BOB!\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-08-15 03:54 . 2007-08-26 22:20 -------- d-----w- c:\program files\Azureus
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-03-18 17:32 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-03-18 17:32 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 22:39 . 2005-11-10 05:35 -------- d-----w- c:\program files\PokerStars
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-02 03:58 . 2005-09-07 03:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 00:12 . 2009-07-02 00:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2009-06-30 04:48 . 2009-04-08 19:48 -------- d-----w- c:\documents and settings\BOB!\Application Data\Skype
2009-06-30 02:48 . 2009-04-08 19:49 -------- d-----w- c:\documents and settings\BOB!\Application Data\skypePM
2009-06-27 15:30 . 2008-11-05 04:23 1878984 ----a-w- c:\documents and settings\BOB!\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 02:43 . 2006-05-06 07:56 249856 ------w- c:\windows\Setup1.exe
2009-06-25 02:43 . 2006-05-06 07:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2005-09-07 00:14 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ------w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 18:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BOB!^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\BOB!\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8emc"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"Lavasoft Ad-Aware Service"=3 (0x3)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\quake3\\quake3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\BOB!\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Steam\\steamapps\\cvsharhar@netscape.net\\team fortress classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\cvsharhar@netscape.net\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaws.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/22/2009 5:24 PM 64160]
R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [1/11/2001 6:00 AM 12032]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2008 9:34 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2008 9:34 PM 335240]
S1 cdudf;cdudf;c:\windows\system32\drivers\Cdudf.sys [1/11/2001 9:00 AM 228736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/10/2009 2:22 PM 297752]
S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe [8/20/2009 8:38 AM 84992]
S2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [2/18/2009 2:40 PM 587216]
S3 iComp;Hauppauge WinTV PVR USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [10/25/2005 8:42 PM 1454208]
S3 krdpdre;krdpdre;\??\c:\docume~1\BOB!\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\BOB!\LOCALS~1\Temp\krdpdre.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/16/2009 2:40 PM 908056]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:23]

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-08-24 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-08-23 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-08-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]

2009-08-24 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
.
.
 
------- Supplementary Scan -------
.
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj03g1s1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-24 22:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1614895754-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,c0,a7,9a,44,82,f0,44,8e,1d,df,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,c0,a7,9a,44,82,f0,44,8e,1d,df,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1524)
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-25 22:30
ComboFix-quarantined-files.txt 2009-08-25 02:30

Pre-Run: 5,468,151,808 bytes free
Post-Run: 5,412,278,272 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
275 --- E O F --- 2009-08-21 22:40
 
Malwarebytes' Anti-Malware 1.40
Database version: 2692
Windows 5.1.2600 Service Pack 3

8/24/2009 10:49:11 PM
mbam-log-2009-08-24 (22-49-11).txt

Scan type: Quick Scan
Objects scanned: 91460
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:32 PM, on 8/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
\?\globalroot\C:\WINDOWS\system32\msihost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\BOB!\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\BOB!\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\WINDOWS\system32\msihost.exe (file missing)
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

--
End of file - 6042 bytes
 