Hijack this log- Firefox slowing down

[Drizzt]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:07 PM, on 6/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Dillon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5890 bytes



I bet I'm loaded with bad stuff.

 

[techpro5238]

Actually your log is clean. What type of issues are you experiencing? Can you give a screenshot maybe to explain a bit better?

 

[Drizzt]

I'll take a screenshot when I get home.
The problems are here.

I've about had it with firefox. I'm going to switch to Opera if I can't get this sorted out.

Every time i click a link to an image.. this happens *tries it... now its working.*

But normally it just says "NOT WORKING KTHXBIBI LOSER".

AND, sometimes when I click on a link... It refreshes again and again and never shows up.

AND, its slower then IE7 atm... I thought it was my router acting up.


I used opera for a while... I might go back.

http://www.techist.com/forums/f50/firefox-your-really-making-me-mad-177301/

 

[techpro5238]

Sounds like a rootkit, or a hijack of your browser. Please follow these instructions:

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
• Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer

 

[Drizzt]

ComboFix 08-06-11.7 - Dillon 2008-06-13 15:24:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1585 [GMT -4:00]
Running from: C:\Documents and Settings\Dillon\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 09:40 . 2008-06-13 09:40 <DIR> d-------- C:\Documents and Settings\Eileen\Application Data\Grisoft
2008-06-12 20:27 . 2008-06-12 20:27 <DIR> d-------- C:\Program Files\Opera
2008-06-12 20:22 . 2008-06-12 20:22 <DIR> d-------- C:\Documents and Settings\Dillon\Application Data\Grisoft
2008-06-12 20:22 . 2008-06-12 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-12 20:22 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-12 16:41 . 2008-06-12 16:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 18:53 . 2008-06-11 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-10 21:15 . 2008-06-10 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
2008-06-10 17:05 . 2008-04-14 08:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:05 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 15:58 . 2008-06-10 16:02 <DIR> d-------- C:\Sierra
2008-06-10 15:58 . 2008-06-10 16:02 515 --a------ C:\WINDOWS\SIERRA.INI
2008-06-07 14:14 . 2008-06-07 14:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-07 11:53 . 2008-06-07 11:53 <DIR> d-------- C:\Documents and Settings\Eileen\Application Data\Media Player Classic
2008-06-07 11:53 . 2008-06-07 11:53 <DIR> d-------- C:\Documents and Settings\Eileen\Application Data\DivX
2008-06-05 19:35 . 2008-06-09 14:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 19:35 . 2008-06-05 19:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-02 21:50 . 2008-06-03 14:53 <DIR> d-------- C:\Documents and Settings\Dillon\Application Data\skypePM
2008-06-02 21:50 . 2008-06-02 21:50 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-02 21:49 . 2008-06-03 14:53 <DIR> d-------- C:\Documents and Settings\Dillon\Application Data\Skype
2008-06-02 21:44 . 2008-06-02 21:44 <DIR> d-------- C:\Program Files\Skype
2008-06-02 21:44 . 2008-06-02 21:44 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-02 21:44 . 2008-06-02 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-31 10:14 . 2008-05-31 10:15 <DIR> d-------- C:\Program Files\TuneXP
2008-05-31 10:14 . 2008-05-31 10:14 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-05-30 20:13 . 2008-06-05 16:11 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-05-30 18:22 . 2008-05-30 18:22 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-05-26 22:18 . 2008-06-12 20:07 <DIR> d-------- C:\Documents and Settings\Dillon\Application Data\OpenOffice.org2
2008-05-26 22:17 . 2008-05-26 22:17 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-25 18:49 . 2008-05-25 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-25 15:38 . 2008-05-25 15:38 <DIR> d-------- C:\Documents and Settings\Dillon\Application Data\Media Player Classic
2008-05-23 22:38 . 2008-05-23 22:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-21 19:45 . 2008-05-21 19:45 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-21 19:33 . 2008-05-21 19:33 <DIR> d-------- C:\Program Files\Sierra
2008-05-21 19:22 . 2008-05-21 19:22 <DIR> d-------- C:\Program Files\PowerISO
2008-05-18 09:35 . 2008-05-18 09:35 <DIR> d-------- C:\Program Files\THQ
2008-05-17 20:48 . 2008-05-17 20:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-17 20:48 . 2008-05-17 20:48 <DIR> d-------- C:\8d41345b366c256898ec76ad4a6d
2008-05-17 20:47 . 2008-05-17 20:48 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-17 20:47 . 2008-05-17 20:47 <DIR> d-------- C:\f18e006f4b0bcc1073ec
2008-05-16 21:26 . 2008-05-16 21:27 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-16 21:26 . 2008-05-16 21:26 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-16 21:25 . 2008-05-28 14:49 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-16 21:25 . 2008-05-16 21:26 <DIR> d-------- C:\Program Files\CCleaner
2008-05-15 15:14 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-15 15:14 . 2008-05-15 15:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-15 15:14 . 2008-05-15 15:14 22,328 --a------ C:\Documents and Settings\Dillon\Application Data\PnkBstrK.sys
2008-05-15 15:13 . 2008-05-17 20:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-15 15:13 . 2008-05-15 15:13 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-15 15:13 . 2008-05-15 15:13 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-15 15:13 . 2008-05-15 15:13 319 --a------ C:\WINDOWS\game.ini
2008-05-15 15:07 . 2008-05-15 15:07 <DIR> d-------- C:\Program Files\Activision
2008-05-14 18:47 . 2008-05-14 18:47 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-14 18:47 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 01:18 --------- d-----w C:\Program Files\Steam
2008-06-12 00:04 --------- d-----w C:\Program Files\FrostWire
2008-06-10 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 19:21 --------- d-----w C:\Documents and Settings\Dillon\Application Data\Apple Computer
2008-06-07 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 10:18 --------- d-----w C:\Documents and Settings\Dillon\Application Data\uTorrent
2008-05-31 23:36 --------- d-----w C:\Program Files\Trillian
2008-05-27 02:16 --------- d-----w C:\Program Files\Java
2008-05-27 01:39 --------- d-----w C:\Documents and Settings\Dillon\Application Data\Ventrilo
2008-05-22 23:32 --------- d-----w C:\Documents and Settings\Dillon\Application Data\FrostWire
2008-05-12 19:05 --------- d-----w C:\Program Files\Apple Software Update
2008-05-11 16:12 --------- d-----w C:\Program Files\PopCap Games
2008-05-11 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-11 16:11 --------- d-----w C:\Program Files\Peggle
2008-05-11 16:11 --------- d-----w C:\Program Files\BFG
2008-05-10 14:51 --------- d-----w C:\Documents and Settings\TEST\Application Data\Talkback
2008-05-10 02:24 --------- d-----w C:\Program Files\LimeWire
2008-05-09 22:39 --------- d-----w C:\Program Files\AlienGUIse
2008-05-09 22:37 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-08 21:54 --------- d-----w C:\Program Files\Stardock
2008-05-08 21:01 --------- d-----w C:\Documents and Settings\Dillon\Application Data\LimeWire
2008-05-08 20:31 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-08 20:31 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-08 20:25 --------- d-----w C:\Program Files\Futuremark
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 20:40 --------- d-----w C:\Program Files\RivaTuner v2.09
2008-05-07 19:35 --------- d-----w C:\Program Files\OCCT
2008-05-07 12:50 --------- d-----w C:\Documents and Settings\Eileen\Application Data\Talkback
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 01:31 --------- d-----w C:\Program Files\Ventrilo
2008-05-07 00:52 --------- d-----w C:\Program Files\Common Files\Java
2008-05-07 00:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-07 00:25 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-07 00:05 --------- d-----w C:\Program Files\iTunes
2008-05-07 00:05 --------- d-----w C:\Program Files\AVG
2008-05-07 00:04 --------- d-----w C:\Program Files\QuickTime
2008-05-07 00:04 --------- d-----w C:\Program Files\iPod
2008-05-07 00:04 --------- d-----w C:\Program Files\Bonjour
2008-05-07 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 00:03 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-07 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-06 23:56 --------- d-----w C:\Program Files\uTorrent
2008-05-06 23:01 --------- d-----w C:\Program Files\PC Wizard 2008
2008-05-06 22:58 --------- d-----w C:\Documents and Settings\Dillon\Application Data\Talkback
2008-05-06 22:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-06 22:57 --------- d-----w C:\Program Files\ASUS
2008-05-06 22:54 --------- d-----w C:\Program Files\Marvell
2008-05-06 22:54 --------- d-----w C:\Documents and Settings\Dillon\Application Data\TMP
2008-05-06 22:21 --------- d-----w C:\Program Files\Analog Devices
2008-05-06 22:12 --------- d-----w C:\Program Files\Intel
2008-05-06 21:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-30 21:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 12:30 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 19:57 626688]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 14:25 2707456]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 04:02 1036288]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]

C:\Documents and Settings\Dillon\Start Menu\Programs\Startup\
Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-05-09 18:37:53 2074360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\jazzarmando\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\jazzarmando\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Documents and Settings\\Dillon\\My Documents\\Downloads\\Half-Life (Steam-free) (HD pack) - Counter-Strike 1.6 - Opposing Force - Blue Shift - Team Fortress Classic\\half-life\\hl.exe"=
"C:\\Documents and Settings\\Dillon\\My Documents\\Downloads\\Half-Life (Steam-free) (HD pack) - Counter-Strike 1.6 - Opposing Force - Blue Shift - Team Fortress Classic\\Giant Folder\\hl.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62216c5a-1eb8-11dd-9486-001e8c415afb}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 18:53:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 15:24:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 15:25:04
ComboFix-quarantined-files.txt 2008-06-13 19:25:02

Pre-Run: 405,413,146,624 bytes free
Post-Run: 405,519,212,544 bytes free

240 --- E O F --- 2008-06-11 00:44:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:40 PM, on 6/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Dillon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

 

[Drizzt]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5682 bytes

 

[techpro5238]

Step1 | Kasperky WebScanner

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended (if available otherwise Standard)
  • Scan Options:
  • Scan Archives
    Scan Mail Bases
• Click OK
• Now under select a target to scan:
  • Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Step2 | MBAM Scan

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step3 | MWav Scan

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:

• Memory
• Startup Folders
• Drive - All Local Drives
• Folder - then click "browse" to change the directory to C: (default is C:\Windows)
• Registry
• System Folders
• Services
• Include Sub-Directory
• Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Logs Required In Next Post
--------------------------------

Kasperky Scan Log
MBAM Scan Log
MWav Scan Log

 

[Drizzt]

Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 14, 2008 01:24:38
Records in database: 862158

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 66522
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:06:21

File name Threat name Threats count
E:\Virus and spyware removal\smitfraudfix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.



Malwarebytes' Anti-Malware 1.17
Database version: 854

9:53:45 PM 6/13/2008
mbam-log-6-13-2008 (21-53-45).txt

Scan type: Quick Scan
Objects scanned: 40862
Time elapsed: 2 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[techpro5238]

Did the MWav Scan show up anything?

 

[Drizzt]

The link doesnt work for that last one. all these things are showing me as clear except some smitzfritz virus thingy... but I think thats actually something that I was told to download a while ago and is chilling on my flash drive.

Oh and here is one of the many problems i was having with firefox...
http://img.photobucket.com/albums/v521/jazzarmando/wtf.jpg

Opera has given me no problems.