might have virus help please

Status
Not open for further replies.

Jester73440

Baseband Member
I may have a virus. My computer started acting a little odd. Please check this out and let me know what you think.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:47 AM, on 1/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2797973550-3495601434-31443918-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NeroMediaHomeUser.4')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{562B39A6-27FA-469B-8D92-1690DC585C6D}: NameServer = 85.255.115.60,85.255.112.136
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.60,85.255.112.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.60,85.255.112.136
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7164 bytes
 
ComboFix 09-01-21.04 - Steve 2009-01-28 21:45:02.2 - NTFSx86
Microsoft® Windows Vista™ Home P 6.0.6001.1.1252.1.1033.18.511.122 [GMT -6:00]
Running from: f:\downloads08\ComboFix.exe
(Files Created from 2008-12-28 to 2009-01-29 )
.

2009-01-28 10:35 . 2009-01-28 10:35 <DIR> d-------- c:\users\Steve\AppData\Roaming\Malwarebytes
2009-01-28 10:35 . 2009-01-28 10:35 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-28 10:35 . 2009-01-28 10:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 10:35 . 2009-01-28 10:35 <DIR> d-------- c:\progra~2\Malwarebytes
2009-01-28 10:35 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-28 10:35 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-28 00:33 . 2009-01-28 00:33 <DIR> d-------- c:\program files\Trend Micro
2009-01-28 00:22 . 2009-01-28 21:24 32 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-01-28 00:22 . 2009-01-28 21:24 32 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-01-28 00:22 . 2009-01-28 21:24 32 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-01-28 00:22 . 2009-01-28 21:24 32 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-28 00:19 . 2009-01-28 10:22 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2009-01-28 00:19 . 2009-01-28 00:19 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-28 00:19 . 2009-01-28 10:22 <DIR> d-------- c:\progra~2\Kaspersky Lab
2009-01-28 00:16 . 2009-01-28 00:16 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-01-28 00:16 . 2009-01-28 00:16 <DIR> d-------- c:\progra~2\Kaspersky Lab Setup Files
2009-01-27 23:59 . 2009-01-27 23:59 <DIR> d----c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 23:59 . 2009-01-27 23:59 <DIR> d----c--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 22:41 . 2009-01-27 22:40 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-20 00:39 . 2009-01-20 00:39 <DIR> d-------- c:\users\Steve\AppData\Roaming\Nero
2009-01-19 23:56 . 2006-11-02 04:23 <DIR> dr------- c:\users\NeroMediaHomeUser.4\Videos
2009-01-19 23:56 . 2006-11-02 04:23 <DIR> d-------- c:\users\NeroMediaHomeUser.4\Saved Games
2009-01-19 23:56 . 2006-11-02 04:23 <DIR> dr------- c:\users\NeroMediaHomeUser.4\Pictures
2009-01-19 23:56 . 2006-11-02 04:23 <DIR> dr------- c:\users\NeroMediaHomeUser.4\Music
2009-01-19 23:56 . 2006-11-02 04:23 <DIR> dr------- c:\users\NeroMediaHomeUser.4\Links
2009-01-19 23:56 . 2006-11-02 04:23 <DIR> dr------- c:\users\NeroMediaHomeUser.4\Downloads
2009-01-19 23:56 . 2009-01-19 23:56 <DIR> dr------- c:\users\NeroMediaHomeUser.4\Documents
2009-01-19 23:56 . 2006-11-02 05:18 <DIR> d--h----- c:\users\NeroMediaHomeUser.4\AppData
2009-01-19 23:56 . 2009-01-19 23:56 <DIR> d-------- c:\users\NeroMediaHomeUser.4
2009-01-19 23:55 . 2009-01-19 23:57 <DIR> d-------- c:\program files\Nero
2009-01-19 23:54 . 2009-01-20 00:39 <DIR> d-------- c:\users\All Users\Nero
2009-01-19 23:54 . 2009-01-19 23:58 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-19 23:54 . 2009-01-20 00:39 <DIR> d-------- c:\progra~2\Nero
2009-01-14 12:40 . 2008-12-15 20:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-04 11:19 . 2009-01-04 12:18 <DIR> d-------- c:\program files\Magic Video Converter
2009-01-04 11:19 . 2004-05-26 21:37 719,872 --a------ c:\windows\System32\devil.dll
2009-01-04 11:19 . 2003-03-19 11:03 544,768 --a------ c:\windows\System32\msvcr71d.dll
2009-01-04 11:19 . 2002-01-05 14:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-01-04 11:19 . 2006-09-16 19:44 314,368 --a------ c:\windows\System32\avisynth.dll
2009-01-03 18:58 . 2009-01-03 21:34 <DIR> d-------- c:\users\Steve\AppData\Roaming\AviDvdBurner
2009-01-03 18:58 . 2009-01-03 18:58 <DIR> d-------- c:\program files\AviDvdBurner
2009-01-03 18:51 . 2009-01-03 18:51 <DIR> d-------- C:\VideoToDVD
2009-01-03 18:50 . 2009-01-03 18:50 <DIR> d-------- c:\program files\AVI DivX MPEG to DVD Converter & Burner
2009-01-03 18:50 . 2005-01-05 16:17 655,360 --a------ c:\windows\System32\dvdlib.dll
2009-01-03 18:50 . 2004-02-10 19:15 344,064 --a------ c:\windows\System32\xvid.dll
2009-01-03 18:50 . 2001-05-09 16:59 264,056 --a------ c:\windows\System32\mpg4ds32.ax
2009-01-03 18:50 . 2001-08-18 20:00 262,144 --a------ c:\windows\System32\mpg4ds32.axu
2009-01-03 18:50 . 2005-01-09 12:41 245,760 --a------ c:\windows\System32\writelib.dll
2009-01-03 18:50 . 2003-08-19 15:20 180,224 --a------ c:\windows\System32\ac3filter.ax
2009-01-03 18:50 . 2000-06-30 17:40 139,264 --a------ c:\windows\System32\Mpeg2Decoder.ax
2009-01-03 18:50 . 2000-06-26 13:13 94,208 --a------ c:\windows\System32\Mpeg2Parser.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 06:55 --------- d-----w c:\users\Steve\AppData\Roaming\uTorrent
2009-01-28 04:40 --------- d-----w c:\program files\Java
2009-01-22 15:47 --------- d-----w c:\progra~2\Rosetta Stone
2009-01-15 06:25 --------- d-----w c:\program files\Windows Mail
2009-01-04 03:56 --------- d-----w c:\program files\AVS4YOU
2008-12-29 01:12 --------- d-----w c:\users\Steve\AppData\Roaming\AVS4YOU
2008-12-29 01:12 --------- d-----w c:\progra~2\AVS4YOU
2008-12-29 01:11 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-20 15:43 --------- d-----w c:\program files\Apple Software Update
2008-12-20 15:41 --------- d-----w c:\program files\iTunes
2008-12-20 15:41 --------- d-----w c:\program files\iPod
2008-12-20 15:41 --------- d-----w c:\program files\Common Files\Apple
2008-12-20 15:41 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 15:39 --------- d-----w c:\program files\Bonjour
2008-12-20 15:38 --------- d-----w c:\program files\QuickTime
2008-12-18 06:44 --------- d-----w c:\program files\Shutdown Monster
2008-12-14 04:51 --------- d-----w c:\program files\ReflexiveArcade
2008-12-14 04:51 --------- d-----w c:\program files\Elf Bowling Hawaiian Vacation
2008-12-14 04:40 --------- d---a-w c:\progra~2\TEMP
2008-12-13 19:54 --------- d-----w c:\users\Steve\AppData\Roaming\Download Manager
2008-12-07 19:42 --------- d-----w c:\program files\AIM6
2008-12-07 19:31 --------- d-----w c:\progra~2\Viewpoint
2008-12-07 19:31 --------- d-----w c:\progra~2\acccore
2008-12-07 19:20 --------- d-----w c:\progra~2\AOL Downloads
2008-12-05 18:25 --------- d-----w c:\progra~2\PICTUREKA! MUSEUM MAYHEM
2008-12-05 18:23 --------- d-----w c:\program files\Oberon Media
2008-12-01 07:02 --------- d-----w c:\program files\Audio MP3 Sound Recorder
2008-12-01 06:37 --------- d-----w c:\users\Steve\AppData\Roaming\Audio Recorder for Free
2008-12-01 06:37 --------- d-----w c:\program files\Audio Recorder for Free
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-07-23 05:36 174 --sha-w c:\program files\desktop.ini
2008-04-18 15:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-18 15:17 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-18 15:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-28_10.06.46.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-28 16:01:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-29 03:28:28 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-28 16:01:44 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-29 03:51:09 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-28 15:55:51 9,038 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2797973550-3495601434-31443918-1000_UserData.bin
+ 2009-01-29 03:29:24 9,270 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2797973550-3495601434-31443918-1000_UserData.bin
- 2009-01-28 15:55:51 43,668 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-29 03:29:24 43,820 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-28 15:55:39 34,578 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-29 03:29:14 34,920 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-02-06 1682368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-27 136600]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-08 648504]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-12-12 4584744]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickTV.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickTV.lnk
backup=c:\windows\pss\QuickTV.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-10-27 11:44 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 11:16 42032 c:\program files\Common Files\aol\1199891054\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 18:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{345208B4-4B32-443D-99AE-E7F9184DC41E}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{2A2C877B-6735-405B-8524-C93433EDB138}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{5E342071-D0C4-4BDF-B473-DA976A20C2C1}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{A68BC390-FF5C-46F0-AF4A-EF9DE89B11E7}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{B17779CC-CE2C-4FBD-93A4-252428533470}"= UDP:c:\program files\Common Files\aol\1199891054\ee\aolsoftware.exe:AOL Shared Components
"{D966EE29-08DE-4A20-A6F9-A28F70972E38}"= TCP:c:\program files\Common Files\aol\1199891054\ee\aolsoftware.exe:AOL Shared Components
"{72C455C4-1B05-41B8-9291-4EEAC511E7F3}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{BCF0AF25-2952-4492-83F7-126AB59DC7A6}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{E8C27500-DCF9-4424-9A31-E891985455E6}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{79274178-67FE-4E33-A743-5F862ED350CE}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{940C2326-4F9D-40A0-AE69-DC695FEBAEBD}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{2BC7400A-88B1-4598-B9A9-B37BBA0ACA5F}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{F4DA7B4A-4FF8-4D50-93D7-13161544205D}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{52081AED-02B7-4071-8158-800EC05CDCBB}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{254F2656-EFD6-44E7-B09E-2350D95536DC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{65699973-331C-407B-BD80-9D0771C12E6F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{635E2E2C-D62C-4582-A98E-9C4BDF25FFFF}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{FAEB6730-2DAD-4481-8F97-DE96F1CC1E17}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"TCP Query User{D5613B63-FA0D-4DC4-B41F-F3233EFC3CAA}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A1D08876-173A-42D3-A652-E910990F3C6E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{7BD6D015-B02F-49F9-9216-9C1BFBD25DB1}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)
"{3FAEA177-4EAC-4BA2-9C8D-49B51B4827F9}"= RosettaStoneVersion3.exe:Rosetta Stone V3 Application (inbound)
"{8DA8FFF8-A54A-49BB-BA42-492E6E07C87A}"= TCP:67:DHCP Discovery Service
"TCP Query User{0CF64EC0-710C-4261-9919-CB45AD4BBC42}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{66C77839-FDC2-4B22-9B21-09D728EE27D1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7F39A49F-9E99-4D8E-A71F-17F6BC885D00}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{B909186E-DF2A-4BFF-B0CD-EC4B0A2F28A0}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{C7FEB85B-4C2A-446B-AFC0-A423FAAD53D9}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{439DEC60-2668-42EF-9307-66F4AEE307C1}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A0918E52-7B00-4C98-A9CF-152A961746A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5688E740-89CE-4348-8D44-98C684377553}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7BD24744-58DA-4024-BECC-7DC0EC20B9B4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A868D2D2-069E-4359-943F-3C4253677580}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{492056EE-35E3-4AC8-A691-3020F3ED843A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D828DAB3-AAC5-45FF-A9AF-04D14A9C7603}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{4A75CA23-2B8B-41A7-B96F-BF7889BDFD59}"= UDP:c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe:Nero MediaHome 4
"{137356EE-BEB8-48F9-94C5-3175D5961CFB}"= TCP:c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe:Nero MediaHome 4
"{342614CA-5F69-4196-A995-184DACBBF1FC}"= TCP:67:DHCP Discovery Service
"{53C75073-CAA5-4B04-A454-340FEA8E9C66}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
"{8DA2F042-4774-4320-A8B6-C1C985563F0E}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
"{87E01ED3-B380-4012-802B-C2A5BC944CBA}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
"{54AD8B21-056D-476F-8D65-E3EAAC6ACC5D}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R4 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe [2008-12-12 476456]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-01-27 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{469d0448-be68-11dc-ae8f-d56c00ae30a5}]
\shell\AutoRun\command - l:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7546c12-e0e9-11dc-a4ae-00038a000015}]
\shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df6d71b9-3364-11dd-8b79-00038a000015}]
\shell\AutoRun\command - L:\bladder_101.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\1ckjqz5e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 21:51:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3524)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
.
Completion time: 2009-01-28 21:59:32
ComboFix-quarantined-files.txt 2009-01-29 03:58:56
ComboFix2.txt 2009-01-28 16:08:52

Pre-Run: 84,177,752,064 bytes free
Post-Run: 84,150,079,488 bytes free

243 --- E O F --- 2009-01-26 22:31:20
 
Malwarebytes' Anti-Malware 1.33
Database version: 1702
Windows 6.0.6001 Service Pack 1

1/28/2009 9:22:26 PM
mbam-log-2009-01-28 (21-22-26).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 327355
Time elapsed: 2 hour(s), 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\gaopdxyvtbphwq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
E:\downloadoct07\rOSETTA sTONE v3\Rosetta.Stone.V3.Patch\Rosetta.Stone.V3.Patch.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
E:\rOSETTA sTONE v3\Rosetta.Stone.V3.Patch\Rosetta.Stone.V3.Patch.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
F:\Downloads08\Keygen.Nero.Media.Home.v4.0.15.1c3098.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aquaplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gaopdxxcmoorte.sys (Trojan.Agent) -> Quarantined and deleted successfully.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:01 PM, on 1/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-2797973550-3495601434-31443918-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-2797973550-3495601434-31443918-1002\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NeroMediaHomeUser.4')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6243 bytes
 