can't use browsers or update antispyware



tanusgreystar
2009-06-10, 05:20
Hi. I ended up getting id08.exe and pp10.exe, which I believe I removed, and I ran Spybot and picked up 40 problems, one of which was Virtumonde. I removed them through Spybot. I ran Malwarebytes, which picked up nothing, and Symantec AntiVirus picked up nothing. I ran VundoFix, which didn't seem to do much. I think that's all I did. I didn't realize I wasn't supposed to run my own fixes. Sorry! Anyway, I still can't use any of my browsers, and I can't update Spybot, Spyware Blaster, and I think VundoFix wouldn't update. Here's my HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:51 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\pp10.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9508 bytes

Shaba
2009-06-10, 12:29
Hi tanusgreystar

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

tanusgreystar
2009-06-11, 00:25
Acrobat.com
Acrobat.com
Acronis*Disk Director Suite
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Advanced SystemCare 3
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
Audacity 1.3.7 (Unicode)
Bonjour
Box of Flumph
Canon iP1600
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CDisplay 1.8
CleanUp!
Easy-WebPrint
EVEREST Home Edition v2.20
Exact Audio Copy 0.99pb4
FOX LiveUpdate
FOX ONE
free-downloads.net Toolbar
GuitarFX 3
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IsoBuster 2.5
IsoBuster Toolbar
iTunes
Java(TM) 6 Update 13
LADSPA_plugins-win-0.4.15
LiveUpdate 3.2 (Symantec Corporation)
MadOnion.com/3DMark2001 SE
MagicDisc 2.7.105
MEM48U
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.20)
Mozilla Firefox (3.0.10)
Nero 7 Ultra Edition
Nero Mega Plugin Pack
neroxml
Netflix Movie Viewer
Notepad++
NVIDIA Drivers
NVIDIA PhysX
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OpenAL
QuickTime
Razer Barracuda AC-1 Gaming Audio Card
REALTEK GbE & FE Ethernet PCI NIC Driver
REAPER
RivaTuner v2.22
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SiSoftware Sandra Lite XI (Win64/32/CE)
SpywareBlaster 4.2
Symantec AntiVirus
System Requirements Lab
The Creator System2
Thermal Analysis Tool
Traverso 0.49.1
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VC 9.0 Runtime
VC 9.0 Runtime
VST Bridge 1.1
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver

Shaba
2009-06-11, 07:19
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HijackThis log scan when finished and post the log back here.

tanusgreystar
2009-06-12, 04:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:51 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\pp10.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9508 bytes

Shaba
2009-06-12, 07:08
Your HijackThis log is old.

Please rescan with HijackThis and post back a fresh HijackThis log.

tanusgreystar
2009-06-12, 17:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:53 AM, on 6/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\pp10.exe
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9399 bytes

Shaba
2009-06-12, 17:21
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

tanusgreystar
2009-06-14, 18:21
I couldn't download recovery console.


ComboFix 09-06-13.09 - Matt Stacey 06/14/2009 10:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3197.2649 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sysloc
c:\windows\9g2234wesdf3dfgjf23
c:\windows\pp10.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sysloc\sysloc.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
C:\zlsSetup_80_065_000_en.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-08 14:46 . 2009-06-08 14:46 -------- d-----w- c:\program files\Trend Micro
2009-06-08 14:46 . 2009-06-08 14:46 -------- d-----w- C:\!KillBox
2009-06-08 13:07 . 2009-06-08 13:07 -------- d-----w- C:\VundoFix Backups
2009-06-08 04:15 . 2009-06-08 04:15 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\Malwarebytes
2009-06-08 04:15 . 2009-06-08 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 03:37 . 2009-06-08 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-08 02:52 . 2009-06-08 02:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2009-06-08 02:52 . 2009-06-08 02:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsoBuster
2009-06-03 19:05 . 2009-06-03 19:05 -------- d-----w- c:\program files\iPod
2009-06-03 19:05 . 2009-06-03 19:06 -------- d-----w- c:\program files\iTunes
2009-06-03 19:04 . 2009-06-03 19:04 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:16 . 2009-06-03 16:48 249856 ------w- c:\windows\Setup1.exe
2009-06-03 16:16 . 2009-06-03 16:48 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-02 04:45 . 2009-06-02 04:45 -------- d-----w- C:\ProgramData
2009-06-02 04:45 . 2009-06-02 15:47 1630 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-06-02 04:44 . 2009-06-02 04:44 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\Downloaded Installations
2009-06-01 03:07 . 2009-06-01 03:07 -------- d-----w- c:\program files\GuitarFX 3
2009-06-01 03:04 . 2009-06-01 03:04 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\REAPER
2009-06-01 03:03 . 2002-07-17 20:22 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2009-06-01 03:03 . 2002-07-17 20:22 5600 ----a-w- c:\windows\system\WINASPI.DLL
2009-06-01 03:03 . 2002-07-17 13:20 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-06-01 03:03 . 2002-07-17 12:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-06-01 03:03 . 2009-06-01 03:03 -------- d-----w- C:\adaptec
2009-06-01 02:31 . 2009-06-01 03:10 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\Audacity
2009-05-31 13:26 . 2009-05-31 20:23 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\GameSpy
2009-05-31 13:26 . 2009-05-31 13:26 134 ------w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\fusioncache.dat
2009-05-31 13:26 . 2009-05-31 13:27 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\ApplicationHistory
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 16:34 . 2009-05-31 13:24 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-30 16:20 . 2009-06-02 04:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-30 16:12 . 2009-05-30 16:12 -------- d-----w- c:\windows\system32\URTTEMP
2009-05-30 16:11 . 2009-05-30 16:11 22328 ------w- c:\documents and settings\Matt Stacey\Application Data\PnkBstrK.sys
2009-05-30 16:10 . 2007-07-19 22:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-05-30 16:10 . 2007-07-19 22:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-05-30 16:10 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-05-30 16:10 . 2007-05-16 20:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-05-30 16:10 . 2007-05-16 20:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-05-30 16:10 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-05-30 16:10 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-05-30 16:04 . 2009-06-02 15:48 -------- d-----w- c:\program files\Electronic Arts
2009-05-29 14:31 . 2008-04-14 10:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-28 05:19 . 2009-05-28 05:19 -------- d-----w- C:\NVIDIA
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-25 01:21 . 2009-05-25 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-25 01:14 . 2009-05-28 05:20 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-25 01:14 . 2009-05-25 01:14 -------- d-----w- c:\windows\system32\AGEIA
2009-05-25 01:14 . 2009-05-28 05:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 01:14 . 2009-05-25 01:14 -------- d-----w- c:\windows\nview
2009-05-25 01:14 . 2009-05-01 02:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-19 03:18 . 2009-05-19 03:18 -------- d-----w- c:\documents and settings\Matt Stacey\BackUp
2009-05-18 08:00 . 2009-05-18 08:04 -------- d-----w- C:\2009-05-18_04.00.02.359699.tanusgreystar-desktop.ful

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 14:33 . 2009-01-20 03:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-14 14:32 . 2009-01-23 03:49 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-12 01:33 . 2009-01-20 06:14 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\uTorrent
2009-06-09 14:26 . 2009-01-20 03:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 14:24 . 2009-01-20 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 04:40 . 2009-02-23 03:33 -------- d-----w- c:\program files\ZipZag
2009-06-08 12:48 . 2009-01-20 03:23 -------- d-----w- c:\program files\SpywareBlaster
2009-06-03 19:05 . 2009-05-06 04:39 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 16:51 . 2009-04-05 22:55 4 ----a-w- c:\windows\6816Error.dat
2009-06-03 16:51 . 2009-04-05 22:55 30720 ----a-w- c:\windows\6816White12.dat
2009-06-03 16:51 . 2009-04-05 22:55 30720 ----a-w- c:\windows\6816Dark12.dat
2009-06-03 16:51 . 2009-04-05 22:55 6 ----a-w- c:\windows\6816Exposure.dat
2009-06-03 16:51 . 2009-04-05 22:55 3 ----a-w- c:\windows\6816Offset.dat
2009-06-03 16:51 . 2009-04-05 22:55 3 ----a-w- c:\windows\6816Gain.dat
2009-06-03 16:41 . 2009-01-19 22:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 02:55 . 2009-01-19 23:38 68016 ------w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 05:17 . 2009-02-11 06:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-28 05:17 . 2009-02-11 06:58 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab
2009-05-19 03:21 . 2009-03-08 19:09 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\IObit
2009-05-19 02:29 . 2009-01-23 03:49 -------- d-----w- c:\program files\Symantec
2009-05-19 02:27 . 2009-02-07 19:41 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-19 02:27 . 2009-02-07 19:32 -------- d-----w- c:\program files\SlySoft
2009-05-14 05:43 . 2009-05-14 05:43 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-05-14 05:34 . 2009-05-14 05:34 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-14 05:34 . 2009-05-14 05:34 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-14 05:34 . 2009-05-14 05:34 -------- d-----w- c:\program files\Acronis
2009-05-06 04:40 . 2009-05-06 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-06 04:39 . 2009-01-26 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-06 04:39 . 2009-05-06 04:39 -------- d-----w- c:\program files\Apple Software Update
2009-05-05 03:49 . 2009-01-20 14:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-01 04:31 . 2009-05-01 04:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 04:31 . 2009-05-01 04:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 04:31 . 2009-05-01 04:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 04:31 . 2009-05-01 04:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 04:31 . 2009-05-01 04:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 04:31 . 2009-05-01 04:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 04:31 . 2009-05-01 04:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-03-27 14:56 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 02:02 . 2009-03-27 14:56 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 02:02 . 2009-01-15 14:19 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 02:02 . 2009-01-15 14:19 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 02:02 . 2009-01-15 14:19 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-01-15 14:19 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 02:02 . 2009-01-15 14:19 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-28 04:01 . 2009-02-08 03:48 -------- d-----w- c:\program files\Atari
2009-04-28 02:33 . 2009-02-07 19:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-27 04:42 . 2009-01-19 22:01 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-21 04:45 . 2009-04-21 04:45 -------- d-----w- c:\program files\CDisplay
2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-01 01:44 . 2009-04-01 01:44 152576 ------w- c:\documents and settings\Matt Stacey\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-19 20:32 . 2009-05-06 04:40 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-02-07 19:45 . 2009-02-07 19:42 24 --sh--w- c:\windows\S56778B0B.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-03-07 17:52 1883672 ----a-w- c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 19:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-08 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

c:\documents and settings\Matt Stacey\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-22 575488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-1-25 221247]
ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [2009-4-5 1748992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [1/19/2009 7:39 PM 1395840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/17/2009 10:47 AM 101936]
S3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;\??\c:\docume~1\MATTST~1\LOCALS~1\Temp\FoxDriver.sys --> c:\docume~1\MATTST~1\LOCALS~1\Temp\FoxDriver.sys [?]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\MATTST~1\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\MATTST~1\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 FXDrv32;FXDrv32;c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [1/20/2009 2:14 AM 23872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\Matt Stacey\Desktop\realtemp\WinRing0.sys --> c:\documents and settings\Matt Stacey\Desktop\realtemp\WinRing0.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1637723038-1801674531-1004.job
- c:\documents and settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 19:19]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 10:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-14 10:36
ComboFix-quarantined-files.txt 2009-06-14 14:36

Pre-Run: 28,569,214,976 bytes free
Post-Run: 28,755,976,192 bytes free

225 --- E O F --- 2009-01-20 06:19


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:01 AM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9685 bytes

Shaba
2009-06-14, 19:01
Then please install it manually as described in my link.

Rerun ComboFix afterwards and post back a fresh ComboFix log, please.

tanusgreystar
2009-06-15, 06:09
ComboFix 09-06-13.09 - Matt Stacey 06/14/2009 19:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2800 [GMT -4:00]
Running from: E:\ComboFix.exe
Command switches used :: c:\documents and settings\Matt Stacey\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-08 14:46 . 2009-06-08 14:46 -------- d-----w- c:\program files\Trend Micro
2009-06-08 14:46 . 2009-06-08 14:46 -------- d-----w- C:\!KillBox
2009-06-08 13:07 . 2009-06-08 13:07 -------- d-----w- C:\VundoFix Backups
2009-06-08 04:15 . 2009-06-08 04:15 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\Malwarebytes
2009-06-08 04:15 . 2009-06-08 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 03:37 . 2009-06-08 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-08 02:52 . 2009-06-08 02:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2009-06-08 02:52 . 2009-06-08 02:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsoBuster
2009-06-03 19:05 . 2009-06-03 19:05 -------- d-----w- c:\program files\iPod
2009-06-03 19:05 . 2009-06-03 19:06 -------- d-----w- c:\program files\iTunes
2009-06-03 19:04 . 2009-06-03 19:04 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:16 . 2009-06-03 16:48 249856 ------w- c:\windows\Setup1.exe
2009-06-03 16:16 . 2009-06-03 16:48 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-02 04:45 . 2009-06-02 04:45 -------- d-----w- C:\ProgramData
2009-06-02 04:45 . 2009-06-02 15:47 1630 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-06-02 04:44 . 2009-06-02 04:44 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\Downloaded Installations
2009-06-01 03:07 . 2009-06-01 03:07 -------- d-----w- c:\program files\GuitarFX 3
2009-06-01 03:04 . 2009-06-01 03:04 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\REAPER
2009-06-01 03:03 . 2002-07-17 20:22 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2009-06-01 03:03 . 2002-07-17 20:22 5600 ----a-w- c:\windows\system\WINASPI.DLL
2009-06-01 03:03 . 2002-07-17 13:20 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-06-01 03:03 . 2002-07-17 12:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-06-01 03:03 . 2009-06-01 03:03 -------- d-----w- C:\adaptec
2009-06-01 02:31 . 2009-06-01 03:10 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\Audacity
2009-05-31 13:26 . 2009-05-31 20:23 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\GameSpy
2009-05-31 13:26 . 2009-05-31 13:26 134 ------w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\fusioncache.dat
2009-05-31 13:26 . 2009-05-31 13:27 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\ApplicationHistory
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 16:34 . 2009-05-31 13:24 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-30 16:20 . 2009-06-02 04:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-30 16:12 . 2009-05-30 16:12 -------- d-----w- c:\windows\system32\URTTEMP
2009-05-30 16:11 . 2009-05-30 16:11 22328 ------w- c:\documents and settings\Matt Stacey\Application Data\PnkBstrK.sys
2009-05-30 16:10 . 2007-07-19 22:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-05-30 16:10 . 2007-07-19 22:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-05-30 16:10 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-05-30 16:10 . 2007-05-16 20:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-05-30 16:10 . 2007-05-16 20:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-05-30 16:10 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-05-30 16:10 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-05-30 16:04 . 2009-06-02 15:48 -------- d-----w- c:\program files\Electronic Arts
2009-05-29 14:31 . 2008-04-14 10:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-28 05:19 . 2009-05-28 05:19 -------- d-----w- C:\NVIDIA
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-25 01:21 . 2009-05-25 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-25 01:14 . 2009-05-28 05:20 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-25 01:14 . 2009-05-25 01:14 -------- d-----w- c:\windows\system32\AGEIA
2009-05-25 01:14 . 2009-05-28 05:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 01:14 . 2009-05-25 01:14 -------- d-----w- c:\windows\nview
2009-05-25 01:14 . 2009-05-01 02:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-19 03:18 . 2009-05-19 03:18 -------- d-----w- c:\documents and settings\Matt Stacey\BackUp
2009-05-18 08:00 . 2009-05-18 08:04 -------- d-----w- C:\2009-05-18_04.00.02.359699.tanusgreystar-desktop.ful

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 23:29 . 2009-01-23 03:49 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-14 14:33 . 2009-01-20 03:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-12 01:33 . 2009-01-20 06:14 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\uTorrent
2009-06-09 14:26 . 2009-01-20 03:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 14:24 . 2009-01-20 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 04:40 . 2009-02-23 03:33 -------- d-----w- c:\program files\ZipZag
2009-06-08 12:48 . 2009-01-20 03:23 -------- d-----w- c:\program files\SpywareBlaster
2009-06-03 19:05 . 2009-05-06 04:39 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 16:51 . 2009-04-05 22:55 4 ----a-w- c:\windows\6816Error.dat
2009-06-03 16:51 . 2009-04-05 22:55 30720 ----a-w- c:\windows\6816White12.dat
2009-06-03 16:51 . 2009-04-05 22:55 30720 ----a-w- c:\windows\6816Dark12.dat
2009-06-03 16:51 . 2009-04-05 22:55 6 ----a-w- c:\windows\6816Exposure.dat
2009-06-03 16:51 . 2009-04-05 22:55 3 ----a-w- c:\windows\6816Offset.dat
2009-06-03 16:51 . 2009-04-05 22:55 3 ----a-w- c:\windows\6816Gain.dat
2009-06-03 16:41 . 2009-01-19 22:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 02:55 . 2009-01-19 23:38 68016 ------w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 05:17 . 2009-02-11 06:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-28 05:17 . 2009-02-11 06:58 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab
2009-05-19 03:21 . 2009-03-08 19:09 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\IObit
2009-05-19 02:29 . 2009-01-23 03:49 -------- d-----w- c:\program files\Symantec
2009-05-19 02:27 . 2009-02-07 19:41 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-19 02:27 . 2009-02-07 19:32 -------- d-----w- c:\program files\SlySoft
2009-05-14 05:43 . 2009-05-14 05:43 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-05-14 05:34 . 2009-05-14 05:34 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-14 05:34 . 2009-05-14 05:34 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-14 05:34 . 2009-05-14 05:34 -------- d-----w- c:\program files\Acronis
2009-05-06 04:40 . 2009-05-06 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-06 04:39 . 2009-01-26 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-06 04:39 . 2009-05-06 04:39 -------- d-----w- c:\program files\Apple Software Update
2009-05-05 03:49 . 2009-01-20 14:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-01 04:31 . 2009-05-01 04:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 04:31 . 2009-05-01 04:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 04:31 . 2009-05-01 04:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 04:31 . 2009-05-01 04:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 04:31 . 2009-05-01 04:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 04:31 . 2009-05-01 04:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 04:31 . 2009-05-01 04:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-03-27 14:56 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 02:02 . 2009-03-27 14:56 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 02:02 . 2009-01-15 14:19 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 02:02 . 2009-01-15 14:19 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 02:02 . 2009-01-15 14:19 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-01-15 14:19 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 02:02 . 2009-01-15 14:19 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-28 04:01 . 2009-02-08 03:48 -------- d-----w- c:\program files\Atari
2009-04-28 02:33 . 2009-02-07 19:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-27 04:42 . 2009-01-19 22:01 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-21 04:45 . 2009-04-21 04:45 -------- d-----w- c:\program files\CDisplay
2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-01 01:44 . 2009-04-01 01:44 152576 ------w- c:\documents and settings\Matt Stacey\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-19 20:32 . 2009-05-06 04:40 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-02-07 19:45 . 2009-02-07 19:42 24 --sh--w- c:\windows\S56778B0B.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-06-14_14.35.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-14 23:24 . 2009-06-14 23:24 16384 c:\windows\Temp\Perflib_Perfdata_3dc.dat
+ 2001-08-30 10:30 . 2009-06-14 23:28 63334 c:\windows\system32\perfc009.dat
- 2001-08-30 10:30 . 2009-06-14 14:34 63334 c:\windows\system32\perfc009.dat
+ 2001-08-30 10:30 . 2009-06-14 23:28 403858 c:\windows\system32\perfh009.dat
- 2001-08-30 10:30 . 2009-06-14 14:34 403858 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-03-07 17:52 1883672 ----a-w- c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 19:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-08 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

c:\documents and settings\Matt Stacey\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-22 575488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-1-25 221247]
ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [2009-4-5 1748992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [1/19/2009 7:39 PM 1395840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/17/2009 10:47 AM 101936]
S3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;\??\c:\docume~1\MATTST~1\LOCALS~1\Temp\FoxDriver.sys --> c:\docume~1\MATTST~1\LOCALS~1\Temp\FoxDriver.sys [?]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\MATTST~1\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\MATTST~1\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 FXDrv32;FXDrv32;c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [1/20/2009 2:14 AM 23872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\Matt Stacey\Desktop\realtemp\WinRing0.sys --> c:\documents and settings\Matt Stacey\Desktop\realtemp\WinRing0.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1637723038-1801674531-1004.job
- c:\documents and settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 19:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-14 19:32
ComboFix-quarantined-files.txt 2009-06-14 23:32
ComboFix2.txt 2009-06-14 14:36

Pre-Run: 25,270,919,168 bytes free
Post-Run: 25,269,538,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

234 --- E O F --- 2009-01-20 06:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:13 PM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9652 bytes
Sorry.

Shaba
2009-06-15, 07:15
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


Folder::
c:\documents and settings\Matt Stacey\Application Data\uTorrent

Registry::
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

tanusgreystar
2009-06-15, 19:55
ComboFix 09-06-13.09 - Matt Stacey 06/15/2009 12:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2802 [GMT -4:00]
Running from: c:\documents and settings\Matt Stacey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt Stacey\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt Stacey\Application Data\uTorrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\(2003) The Karelian Isthmus - Privilege Of Evil [V0].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\[2008] Traced In Air.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\1349.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\1994 - The Trooper.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\1995 - Gradually Melted EP.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\1999 - Chaos Preferred Demo.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Absu.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Acronis Disk Director Suite [v10.0.2160].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Alcohol 120% v1.9.7 (Build 6221) [CiM Patch][h33t][matt14].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Aleister Crowley.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Anthrax - Spreading The Disease (1985) FLAC.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\At The Gates - Discografia [www.heavytorrents.org] [By Carlonirv].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Behemoth.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Benediction - Organised Chaos FLAC (2001).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Black Sabbath - Technical Ecstasy [Black Box Disc 7] [1976, 2004, EAC Flac].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Blavatsky - Theosophy.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\brain drill-apocalyptic feasting.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Brain Drill - Discography.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Cannibal Corpse.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Cannibal_Corpse-Evisceration_Plague-Promo-2009-QTXMp3.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Carcass Discography [www.metal-legions.com].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Carcass Rarities.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Carcass Reissues.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Carpathian Forest Discografia [www.heavytorrents.org].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Cenotaph - Voluptuously Puked Genitals - SSS.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Coma of Souls.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Coven.1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Coven.2.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Coven.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Crysis CD-KEYS.txt.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Crysis Special Edition.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Daemon.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Dark Funeral - Attera Totus Sanctus 2005 Metal.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Dark Funeral (??????, 1993, Melodic Black Metal).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Decrepit Birth - Diminishing Between Worlds FLAC (2008).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Deeds Of Flesh Disco.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Deeds Of Flesh.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Deicide-Till_Death_Do_Us_Part-2008-BERC.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Deicide - 2004 - Scars Of The Crucifix.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Destruction-D.E.V.O.L.U.T.I.O.N-Retail-2008-gF.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\dht.dat
c:\documents and settings\Matt Stacey\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Dimebag Darrell - Dimevision V1.avi.1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Dimebag Darrell - Dimevision V1.avi.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Discografia Emperor [www.heavytorrents.org].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Dissection.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Fire Up the Blades.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Gallhammer-Ruin_of_a_Church-2008-MTD.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Gorgoroth Discografia (www.heavytorrents.tk) by Obed.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Gorgoroth.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Gorguts - Considered Dead FLAC (1991).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Heaven and Hell.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Impaled Nazarene-discografia[heavytorrents.org]morgenröte.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Incantation - Blasphemous Cremation (2008).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Incantation.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Iron Maiden - Flight 666 the Original Soundtrack-2CD-(Live)-2009.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\iTunesLyricsLocator-1.2.1 RB.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Kreator - 2009 - Hordes Of Chaos.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Massacre (USA) - The Second Coming (2008) (Re-relased) [mp3@320] [Death Metal].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Mayhem - Life Eternal [ep] (2009), Black Metal.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Mayhem - The Rarities.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Mechanism - Inspired Horrific - 2009.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Metallica - 1983-1984 Tales From The Cliff, Kill Em All and Ride The Lightning Demos.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Metallica - Broken Beat and Scarred (2CD) (2009).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Metallica_-_The_First_Demo_Tape__Demo__-_1982.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Mictlantecuhtli - Warriors of the Black Sun (2008) [www.heavytorrents.org].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Misery Index - Discordia (2006).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Morbid Angel - Official Demos.1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Morbid Angel - Official Demos.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Morbid Angel.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Morbid.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Mortician & Fleshgrind Split - (2004) - Living Dead 192kbps.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Motorhead-Bomber [Remaster]-2004(1979)320k.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Motorhead - 1916 (1991) [xstone] FLAC.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Motorhead Discography.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Nachtmystium -Ep 2009- Doomsday Derelicts.1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Nachtmystium -Ep 2009- Doomsday Derelicts.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Nasum.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Nevermore - The Year of the Voyager DVD 2008.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Neverwinter Nights 2 Platinum Collection.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Nile.1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Nile.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Obscura - Cosmogenesis.2009.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Partitioning Soft.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Pestilence.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Portable Apps v1.5.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Prostitute Disfigurement - Descendants Of Depravity (2008) [www.heavytorrents.org].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\QEMU manager.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\resume.dat
c:\documents and settings\Matt Stacey\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Righteous Pigs - Stress Related (320kbps).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Rotten Sound - 7 Albuns.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\rss.dat
c:\documents and settings\Matt Stacey\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Sacrifice - Forward to Termination (1987) [VINYL RIP - FLAC].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Samael - Worship Him (Deluxe Edition).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Satan - Live in the Act.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\settings.dat
c:\documents and settings\Matt Stacey\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Severe Torture - Sworn Vengeance 2007 [www.heavytorrents.org].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Skyclad 12 albums (APE+Flac).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Sodom - Discography [www.heavytorrents.org].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Suffocation, Malevolent Creation, Exhorder & Cancer - 1994 - Live Death (split).1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Suffocation, Malevolent Creation, Exhorder & Cancer - 1994 - Live Death (split).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Symantec Antivirus 10.2 Corporate for Vista.zip.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Symantec AntiVirus Corporate Edition 10.1.7000.7 for Windows 32-64-bit RETAIL.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Tardy Brothers - Bloodline.2009.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Terrorizer Pack.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\The Black Dahlia Murder - Majesty (2009).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Type O Negative - Bloody Kisses-(Top-Shelf Edition)-2CD [2009].1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Type O Negative - Bloody Kisses-(Top-Shelf Edition)-2CD [2009].torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\UNLEASHED - Shadows in the deep (1992).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Matt Stacey\Application Data\uTorrent\V. A. - I can't believe it's not Grindcore VOL.1 [2001] (128kbps).torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Voivod-War and Pain.1.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Voivod-War and Pain.2.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Voivod-War and Pain.3.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Voivod-War and Pain.4.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Voivod-War and Pain.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Win4Lin Pro Desktop 3.5.torrent
c:\documents and settings\Matt Stacey\Application Data\uTorrent\Win4LinPro-6.3.5.01- H33t.com.torrent

.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-15 08:00 . 2009-06-15 08:05 -------- d-----w- C:\2009-06-15_04.00.02.544774.tanusgreystar-desktop.ful
2009-06-08 14:46 . 2009-06-08 14:46 -------- d-----w- c:\program files\Trend Micro
2009-06-08 14:46 . 2009-06-08 14:46 -------- d-----w- C:\!KillBox
2009-06-08 13:07 . 2009-06-08 13:07 -------- d-----w- C:\VundoFix Backups
2009-06-08 04:15 . 2009-06-08 04:15 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\Malwarebytes
2009-06-08 04:15 . 2009-06-08 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 03:37 . 2009-06-08 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-08 02:52 . 2009-06-08 02:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2009-06-08 02:52 . 2009-06-08 02:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsoBuster
2009-06-03 19:05 . 2009-06-03 19:05 -------- d-----w- c:\program files\iPod
2009-06-03 19:05 . 2009-06-03 19:06 -------- d-----w- c:\program files\iTunes
2009-06-03 19:04 . 2009-06-03 19:04 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:16 . 2009-06-03 16:48 249856 ------w- c:\windows\Setup1.exe
2009-06-03 16:16 . 2009-06-03 16:48 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-02 04:45 . 2009-06-02 04:45 -------- d-----w- C:\ProgramData
2009-06-02 04:45 . 2009-06-02 15:47 1630 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-06-02 04:44 . 2009-06-02 04:44 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\Downloaded Installations
2009-06-01 03:07 . 2009-06-01 03:07 -------- d-----w- c:\program files\GuitarFX 3
2009-06-01 03:04 . 2009-06-01 03:04 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\REAPER
2009-06-01 03:03 . 2002-07-17 20:22 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2009-06-01 03:03 . 2002-07-17 20:22 5600 ----a-w- c:\windows\system\WINASPI.DLL
2009-06-01 03:03 . 2002-07-17 13:20 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-06-01 03:03 . 2002-07-17 12:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-06-01 03:03 . 2009-06-01 03:03 -------- d-----w- C:\adaptec
2009-06-01 02:31 . 2009-06-01 03:10 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\Audacity
2009-05-31 13:26 . 2009-05-31 20:23 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\GameSpy
2009-05-31 13:26 . 2009-05-31 13:26 134 ------w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\fusioncache.dat
2009-05-31 13:26 . 2009-05-31 13:27 -------- d-----w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\ApplicationHistory
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 16:34 . 2009-05-31 13:24 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-30 16:20 . 2009-06-02 04:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-30 16:12 . 2009-05-30 16:12 -------- d-----w- c:\windows\system32\URTTEMP
2009-05-30 16:11 . 2009-05-30 16:11 22328 ------w- c:\documents and settings\Matt Stacey\Application Data\PnkBstrK.sys
2009-05-30 16:10 . 2007-07-19 22:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-05-30 16:10 . 2007-07-19 22:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-05-30 16:10 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-05-30 16:10 . 2007-05-16 20:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-05-30 16:10 . 2007-05-16 20:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-05-30 16:10 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-05-30 16:10 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-05-30 16:04 . 2009-06-02 15:48 -------- d-----w- c:\program files\Electronic Arts
2009-05-29 14:31 . 2008-04-14 10:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-28 05:19 . 2009-05-28 05:19 -------- d-----w- C:\NVIDIA
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-28 05:17 . 2009-05-28 05:17 290816 ------w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-25 01:21 . 2009-05-25 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-25 01:14 . 2009-05-28 05:20 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-25 01:14 . 2009-05-25 01:14 -------- d-----w- c:\windows\system32\AGEIA
2009-05-25 01:14 . 2009-05-28 05:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 01:14 . 2009-05-25 01:14 -------- d-----w- c:\windows\nview
2009-05-25 01:14 . 2009-05-01 02:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-19 03:18 . 2009-05-19 03:18 -------- d-----w- c:\documents and settings\Matt Stacey\BackUp
2009-05-18 08:00 . 2009-05-18 08:04 -------- d-----w- C:\2009-05-18_04.00.02.359699.tanusgreystar-desktop.ful

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 16:45 . 2009-01-23 03:49 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-14 14:33 . 2009-01-20 03:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 14:26 . 2009-01-20 03:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 14:24 . 2009-01-20 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 04:40 . 2009-02-23 03:33 -------- d-----w- c:\program files\ZipZag
2009-06-08 12:48 . 2009-01-20 03:23 -------- d-----w- c:\program files\SpywareBlaster
2009-06-03 19:05 . 2009-05-06 04:39 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 16:51 . 2009-04-05 22:55 4 ----a-w- c:\windows\6816Error.dat
2009-06-03 16:51 . 2009-04-05 22:55 30720 ----a-w- c:\windows\6816White12.dat
2009-06-03 16:51 . 2009-04-05 22:55 30720 ----a-w- c:\windows\6816Dark12.dat
2009-06-03 16:51 . 2009-04-05 22:55 6 ----a-w- c:\windows\6816Exposure.dat
2009-06-03 16:51 . 2009-04-05 22:55 3 ----a-w- c:\windows\6816Offset.dat
2009-06-03 16:51 . 2009-04-05 22:55 3 ----a-w- c:\windows\6816Gain.dat
2009-06-03 16:41 . 2009-01-19 22:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 02:55 . 2009-01-19 23:38 68016 ------w- c:\documents and settings\Matt Stacey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 05:17 . 2009-02-11 06:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-28 05:17 . 2009-02-11 06:58 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\SystemRequirementsLab
2009-05-19 03:21 . 2009-03-08 19:09 -------- d-----w- c:\documents and settings\Matt Stacey\Application Data\IObit
2009-05-19 02:29 . 2009-01-23 03:49 -------- d-----w- c:\program files\Symantec
2009-05-19 02:27 . 2009-02-07 19:41 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-19 02:27 . 2009-02-07 19:32 -------- d-----w- c:\program files\SlySoft
2009-05-14 05:43 . 2009-05-14 05:43 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-05-14 05:34 . 2009-05-14 05:34 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-14 05:34 . 2009-05-14 05:34 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-14 05:34 . 2009-05-14 05:34 -------- d-----w- c:\program files\Acronis
2009-05-06 04:40 . 2009-05-06 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-06 04:39 . 2009-01-26 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-06 04:39 . 2009-05-06 04:39 -------- d-----w- c:\program files\Apple Software Update
2009-05-05 03:49 . 2009-01-20 14:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-01 04:31 . 2009-05-01 04:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 04:31 . 2009-05-01 04:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 04:31 . 2009-05-01 04:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 04:31 . 2009-05-01 04:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 04:31 . 2009-05-01 04:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 04:31 . 2009-05-01 04:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 04:31 . 2009-05-01 04:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-03-27 14:56 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 02:02 . 2009-03-27 14:56 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 02:02 . 2009-01-15 14:19 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 02:02 . 2009-01-15 14:19 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 02:02 . 2009-01-15 14:19 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-01-15 14:19 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 02:02 . 2009-01-15 14:19 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-28 04:01 . 2009-02-08 03:48 -------- d-----w- c:\program files\Atari
2009-04-28 02:33 . 2009-02-07 19:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-27 04:42 . 2009-01-19 22:01 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-21 04:45 . 2009-04-21 04:45 -------- d-----w- c:\program files\CDisplay
2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-01 01:44 . 2009-04-01 01:44 152576 ------w- c:\documents and settings\Matt Stacey\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-19 20:32 . 2009-05-06 04:40 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-02-07 19:45 . 2009-02-07 19:42 24 --sh--w- c:\windows\S56778B0B.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-06-14_14.35.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 16:35 . 2009-06-15 16:35 16384 c:\windows\Temp\Perflib_Perfdata_3e4.dat
+ 2001-08-30 10:30 . 2009-06-15 16:40 63334 c:\windows\system32\perfc009.dat
- 2001-08-30 10:30 . 2009-06-14 14:34 63334 c:\windows\system32\perfc009.dat
+ 2001-08-30 10:30 . 2009-06-15 16:40 403858 c:\windows\system32\perfh009.dat
- 2001-08-30 10:30 . 2009-06-14 14:34 403858 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-03-07 17:52 1883672 ----a-w- c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 19:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-08 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

c:\documents and settings\Matt Stacey\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-22 575488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-1-25 221247]
ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [2009-4-5 1748992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [1/19/2009 7:39 PM 1395840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/17/2009 10:47 AM 101936]
S3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;\??\c:\docume~1\MATTST~1\LOCALS~1\Temp\FoxDriver.sys --> c:\docume~1\MATTST~1\LOCALS~1\Temp\FoxDriver.sys [?]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\MATTST~1\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\MATTST~1\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 FXDrv32;FXDrv32;c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [1/20/2009 2:14 AM 23872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\Matt Stacey\Desktop\realtemp\WinRing0.sys --> c:\documents and settings\Matt Stacey\Desktop\realtemp\WinRing0.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1637723038-1801674531-1004.job
- c:\documents and settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 12:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-15 12:47
ComboFix-quarantined-files.txt 2009-06-15 16:47
ComboFix2.txt 2009-06-14 23:32
ComboFix3.txt 2009-06-14 14:36

Pre-Run: 23,289,126,912 bytes free
Post-Run: 23,275,765,760 bytes free

342 --- E O F --- 2009-01-20 06:19

Shaba
2009-06-15, 20:13
Looks like we have illegal software to remove.

Uninstall this:

Symantec Antivirus

You can install antivirus from below after that:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Post back a fresh HijackThis log, please.

tanusgreystar
2009-06-16, 00:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:09 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt Stacey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9959 bytes

Shaba
2009-06-16, 07:16
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

tanusgreystar
2009-06-17, 00:55
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 16, 2009 20:59:57
Records in database: 2352537
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 68993
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:00:32


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\pp10.exe.vir Infected: Net-Worm.Win32.Koobface.rv 1
C:\System Volume Information\_restore{8437F567-198F-419E-9C72-5A6CFBCD692C}\RP52\A0008005.exe Infected: Net-Worm.Win32.Koobface.ry 1
C:\System Volume Information\_restore{8437F567-198F-419E-9C72-5A6CFBCD692C}\RP56\A0009316.exe Infected: Net-Worm.Win32.Koobface.rv 1

The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:41 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auto.search.msn.com/response.asp?MT=google+Chrome.lnk&srch=0&prov=&utf8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9669 bytes

Shaba
2009-06-17, 07:07
Empty this folder:

C:\Qoobox\Quarantine

Empty Recycle Bin.

Still problems?

tanusgreystar
2009-06-17, 08:58
I'm able to use IE. I had to reinstall Firefox to get it to work. Other than that, I don't seem to be having any issues. Thanks very much for your help!

Shaba
2009-06-17, 09:29
Good :)

Uninstall Zone Alarm Spyblocker via add/remove programs.

Open HijackThis, click do a system scan only and checkmark these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

Close all windows including browser and press fix checked.

Reboot.

Delete this if present:

C:\Program Files\AskBarDis

Empty Recycle Bin.

Still problems?
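A triage pass over the HijackThis entry types that come up in this thread (R1 ProxyServer, O1 Hosts, O2/O3 "(no file)", O23 "Unknown owner" / "(file missing)"), as an added example that is not part of the original posts. The rules and the names `check_entry` and `triage` are illustrative assumptions, the sample lines are excerpted from the log posted above, and a hit only marks an entry for a closer look by the analyst.

```python
import ipaddress
import re

# Excerpt of the HijackThis v2.0.2 log posted in this thread (sample input).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 38.113.174.32 www.google-analytics.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<name>\S+)$")
PROXY = re.compile(r",ProxyServer = (?P<value>\S+)$")


def check_entry(code, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    if code in ("R0", "R1"):
        m = PROXY.search(body)
        if m:
            # Value looks like "http=localhost:7171" or "host:port".
            host = m.group("value").split("=")[-1].rsplit(":", 1)[0]
            where = "loopback" if host in ("localhost", "127.0.0.1") else "remote"
            # A loopback proxy with nothing listening on the port leaves
            # browsers unable to connect.
            return f"browser proxy set to {where} address {m.group('value')}"
    if code == "O1":
        m = HOSTS.match(body)
        if m:
            try:
                ip = ipaddress.ip_address(m.group("ip"))
            except ValueError:
                return f"unparseable hosts entry for {m.group('name')}"
            # Blocklist-style hosts files map names to 127.0.0.1 or 0.0.0.0;
            # any other address redirects the name to another machine.
            if not (ip.is_loopback or ip.is_unspecified):
                return f"hosts file points {m.group('name')} at {ip}"
    if code in ("O2", "O3") and body.endswith("(no file)"):
        return "browser add-on registered but its file is gone"
    if code == "O23":
        flags = [f for f in ("Unknown owner", "(file missing)") if f in body]
        if flags:
            return "service: " + ", ".join(flags)
    return None


def triage(log_text):
    """Return (code, reason) for every log entry that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        reason = check_entry(m.group("code"), m.group("body"))
        if reason:
            findings.append((m.group("code"), reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}")
```

The AskBar BHO line is not matched by any rule here; entries like that are chosen by the analyst's judgement, not by a pattern.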

tanusgreystar
2009-06-17, 23:15
No problems I can see.

Shaba
2009-06-18, 07:06
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Shaba
2009-06-21, 11:45
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.