[Active] Please help..parasite on my pc

  1. #1
    babotzkie (Junior Member)

    [Active] Please help..parasite on my pc

    My PC is rebooting too slowly. I think there's a virus on my PC; can you give me some advice, and also how to prevent this?

    Below is my HijackThis log file. Please help. Thanks in advance!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:31:12 PM, on 8/9/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\xampp\FileZillaFTP\FileZilla server.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\xampp\apache\bin\httpd.exe
    c:\xampp\mysql\bin\mysqld.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook | Facebook
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\babotz\LOCALS~1\Temp\AVSETUP_49f73b50\basic\avupgsvc.exe (file missing)
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: MySQL - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 7532 bytes


  2. #2
    broni (Senior Member)
    Please, post some computer info:
    - processor type, amount of RAM (hold Windows logo key, hit Pause/Break key)
    - hard drive size/free space (open "My Computer", right click on hard drive letter, click "Properties")


    I assume Kaspersky is your current security program, but you had BitDefender installed before?


    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15020 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4.
    Post fresh HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    babotzkie (Junior Member)
    I'm working on it. I'll post later. Thanks for the reply and advice.

  4. #4
    broni (Senior Member)
    No problem

  5. #5
    babotzkie (Junior Member)
    broni, I have something to ask. My PC restarted twice while I was scanning. It detected some infected objects when I was using SUPERAntiSpyware and GMER, but when I scanned for the second time, the infected objects didn't appear. Is that OK? I know they won't appear in the log.


    What should I do now?

    Another question: my Recycle Bin's name was replaced with G.W.Bush when the virus infected my PC. How can I restore it?

  6. #6
    broni (Senior Member)
    "My Recycle Bin's name was replaced with G.W.Bush when the virus infected my PC. How can I restore it?"
    Haha... right-click on it and click Rename (I'm on Vista now, so I'm not sure if XP has that option; if not, don't worry about it for now).

    Please, proceed with Malwarebytes.

  7. #7
    babotzkie (Junior Member)
    Before I post the logs: I installed Google Chrome so that I can post here, because my other browser is not working well (maybe because of the virus), and I uninstalled Kaspersky and installed avast! Home Edition before I read your first reply.

    Let's continue.

    This is my computer information:

    Intel Core2Duo E7400
    2 GB RAM
    Hard drive capacity (per partition):
    C: 63.4GB Used
    33.8GB Free

    D: 36.2GB Used
    15.5GB Free

    Below are my Malwarebytes and HijackThis logs ONLY, because GMER (the rootkit scan) can't finish scanning. I don't know why; I tried a couple of times but it ends up hanging, and the only thing I can do is restart my PC. For me this is not good.

    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.40
    Database version: 2589
    Windows 5.1.2600 Service Pack 2

    8/10/2009 5:18:28 PM
    mbam-log-2009-08-10 (17-18-20).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 325210
    Time elapsed: 41 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 9
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\yiwqpkdd.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\rdizher.dll (Trojan.Vundo.H) -> No action taken.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0bd3501-5201-4d9e-ad30-d74f8355ea72} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kzycorsw (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{f0bd3501-5201-4d9e-ad30-d74f8355ea72} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01601e6d-5932-42c3-a54f-7f00546c2800} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{01601e6d-5932-42c3-a54f-7f00546c2800} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01601e6d-5932-42c3-a54f-7f00546c2800} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fmtrblkv (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fmtrblkv (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0bd3501-5201-4d9e-ad30-d74f8355ea72} (Trojan.Vundo.H) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ieakhelpstring (Worm.Huelar) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\rdizher.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\yiwqpkdd.dll (Trojan.Vundo.H) -> No action taken.
    C:\Documents and Settings\babotz\Desktop\myweb(boie)\ConvertXtoDVD 3.0.0.7 Final And Patch (19th March 2008)\patch.exe (Trojan.Downloader) -> No action taken.
    C:\Program Files\VSO\ConvertX\3\patch.exe (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\solution.vbs (Worm.AutoRun) -> No action taken.


    The next log is the HJT log:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:40:54 AM, on 8/11/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\xampp\FileZillaFTP\FileZilla server.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\xampp\mysql\bin\mysqld.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\babotz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Documents and Settings\babotz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\babotz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\rundll32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook | Facebook
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\babotz\LOCALS~1\Temp\AVSETUP_49f73b50\basic\avupgsvc.exe (file missing)
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: MySQL - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8248 bytes




    "No action taken" for Malwarebytes? I don't know why, but I did select them for removal.

    Please help, I appreciate your time. Thanks!
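    Added here as a reader-side aid, not code from the thread or from any of the tools named in it: a small triage script for the two log formats posted above. It parses HijackThis R/O lines and flags the kinds of entries a helper asks about (registrations whose target file is gone, a service running from a Temp directory, Winlogon Notify DLLs), and it parses Malwarebytes detection lines to list what is still marked "No action taken" (the question raised in this post). The sample inputs are constructed from entries quoted in this thread; the "Quarantined and deleted successfully" line is invented to show a removed item next to pending ones.

```python
"""Triage helpers for HijackThis and Malwarebytes' Anti-Malware logs.
The rules mirror what a malware-removal helper looks for first; they are a
reading aid, not a replacement for the scanners themselves."""
import re
from collections import Counter

# Constructed sample: a handful of HijackThis lines in the format used in the thread.
HJT_SAMPLE = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\babotz\LOCALS~1\Temp\AVSETUP_49f73b50\basic\avupgsvc.exe (file missing)
O23 - Service: MySQL - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
"""

# Constructed sample: Malwarebytes detections.  The last action line is invented
# to show what a removed item looks like next to the "No action taken" ones.
MBAM_SAMPLE = r"""
Memory Modules Infected:
C:\WINDOWS\system32\yiwqpkdd.dll (Trojan.Vundo.H) -> No action taken.

Files Infected:
C:\WINDOWS\solution.vbs (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\babotz\Desktop\myweb(boie)\ConvertXtoDVD 3.0.0.7 Final And Patch (19th March 2008)\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
MBAM_ITEM = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_hjt(text):
    """Yield (code, body) for every R0/R1/O2/... line; other lines are ignored."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage_hjt(text):
    """Flag HJT entries a helper would ask about. Returns (code, reason, body) tuples."""
    findings = []
    for code, body in parse_hjt(text):
        low = body.lower()
        # "(no file)" / "(file missing)": the registration survives but its target
        # is gone, typically a leftover of uninstalled software or a partial cleanup.
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            findings.append((code, "orphaned entry, target file missing", body))
        # A service binary under a Temp directory is unusual for legitimate software.
        if code == "O23" and "\\temp\\" in low:
            findings.append((code, "service binary under a Temp directory", body))
        # Winlogon Notify DLLs are loaded by winlogon at every logon; verify the publisher.
        if code == "O20":
            findings.append((code, "Winlogon Notify DLL, confirm publisher", body))
    return findings


def mbam_pending(text):
    """Return (path, family) for detections still marked 'No action taken'."""
    pending = []
    for line in text.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if m and m.group("action").rstrip(".").lower() == "no action taken":
            pending.append((m.group("path"), m.group("family")))
    return pending


def mbam_families(text):
    """Count detections per malware family, whatever action was taken."""
    matches = (MBAM_ITEM.match(line.strip()) for line in text.splitlines())
    return Counter(m.group("family") for m in matches if m)


if __name__ == "__main__":
    for code, reason, body in triage_hjt(HJT_SAMPLE):
        print(f"{code:4} {reason}: {body}")
    for path, family in mbam_pending(MBAM_SAMPLE):
        print(f"still present ({family}): {path}")
    print(dict(mbam_families(MBAM_SAMPLE)))
```

A log in which every detection still reads "No action taken" was saved before removal ran; the helpers above make that visible at a glance instead of by scrolling.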

  8. #8
    broni (Senior Member)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  9. #9
    babotzkie (Junior Member)
    OK, I'll try.

  10. #10
    babotzkie (Junior Member)
    Combofix log file:


    ComboFix 09-08-10.01 - babotz 08/11/2009 3:13.6.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1521 [GMT 8:00]
    Running from: c:\documents and settings\babotz\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: F-Secure Anti-Virus 2008 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ?

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_geyekrgoxvkkwb
    -------\Legacy_geyekrgoxvkkwb


    ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
    .

    2009-08-10 14:11 . 2009-08-10 14:11 -------- d-----w- c:\documents and settings\babotz\Local Settings\Application Data\Google
    2009-08-10 09:28 . 2009-08-10 09:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2009-08-10 09:27 . 2009-08-10 09:37 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-08-10 09:27 . 2009-08-10 09:27 -------- d-----w- c:\documents and settings\babotz\Application Data\SUPERAntiSpyware.com
    2009-08-09 12:11 . 2009-08-09 12:12 -------- d-----w- C:\Program FilesFreezeTag Games%Mystery masterpiece-The Moonstone
    2009-08-09 12:02 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-09 12:02 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-09 12:02 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-09 12:02 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-09 12:02 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-09 12:02 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-09 12:02 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-09 12:02 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-09 12:02 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-06 14:44 . 2007-03-18 12:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2009-08-06 14:44 . 2006-09-29 04:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2009-08-06 14:44 . 2006-09-29 04:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2009-08-06 14:44 . 2006-09-29 04:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2009-07-26 06:40 . 2009-07-26 06:45 -------- d-----w- c:\documents and settings\Kids\Application Data\Mysteryville2
    2009-07-25 04:42 . 2009-07-25 04:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Astar Games
    2009-07-24 02:18 . 2009-07-24 02:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
    2009-07-24 02:15 . 2009-07-24 02:15 -------- d-----w- c:\program files\Bonjour
    2009-07-24 02:09 . 2009-07-24 02:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-07-23 20:12 . 2009-07-23 20:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-07-23 10:49 . 2009-08-02 10:57 -------- d-----w- c:\documents and settings\babotz\Application Data\iWin
    2009-07-21 03:38 . 2009-07-21 03:38 -------- d-----w- c:\documents and settings\babotz\Application Data\Uniblue
    2009-07-21 03:12 . 2009-07-21 15:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SITEguard
    2009-07-21 03:11 . 2009-07-23 06:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\STOPzilla!
    2009-07-21 03:11 . 2009-07-21 03:11 -------- d-----w- c:\program files\Common Files\iS3
    2009-07-19 15:32 . 2009-07-19 15:32 -------- d--h--w- c:\windows\PIF
    2009-07-19 15:05 . 2009-07-19 15:05 -------- d-----w- c:\documents and settings\babotz\Local Settings\Application Data\Oberon Games
    2009-07-19 09:45 . 2009-08-02 11:01 -------- d-----w- c:\documents and settings\babotz\Saved Games
    2009-07-18 17:40 . 2009-07-18 17:40 -------- d-----w- c:\program files\Laura Jones and the Gates of Good and Evil
    2009-07-18 17:40 . 2009-07-18 17:40 -------- d-----w- c:\windows\Laura Jones and the Gates of Good and Evil
    2009-07-18 16:04 . 2009-07-18 16:04 -------- d-----w- c:\program files\Dream Chronicles The Chosen Child
    2009-07-18 16:04 . 2009-07-18 16:04 -------- d-----w- c:\windows\Dream Chronicles The Chosen Child
    2009-07-18 11:48 . 2009-07-18 12:05 -------- d-----w- c:\documents and settings\babotz\Application Data\Mysteryville2
    2009-07-18 11:48 . 2009-07-18 11:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Trymedia
    2009-07-18 11:47 . 2009-08-01 06:04 -------- d-----w- c:\program files\Yahoo! Games
    2009-07-18 09:58 . 2009-07-18 09:58 -------- d-----w- c:\program files\Web Publish
    2009-07-18 03:35 . 2009-07-20 05:21 -------- d-----w- c:\documents and settings\babotz\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
    2009-07-18 03:35 . 2009-07-18 03:35 -------- d-----w- c:\documents and settings\babotz\Local Settings\Application Data\ashampoo
    2009-07-18 03:35 . 2009-07-18 03:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ashampoo
    2009-07-18 03:35 . 2009-07-18 03:35 -------- d-----w- c:\program files\Ashampoo
    2009-07-17 07:56 . 2009-07-17 07:56 -------- d-----w- c:\documents and settings\babotz\Application Data\AdobeUM
    2009-07-13 06:54 . 2009-07-17 07:56 -------- d-----w- c:\documents and settings\babotz\Local Settings\Application Data\Adobe
    2009-07-12 19:33 . 2009-08-09 16:41 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-07-12 19:32 . 2009-07-12 19:32 -------- d-----w- c:\program files\Microsoft Device Emulator
    2009-07-12 19:32 . 2009-07-12 19:32 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
    2009-07-12 19:31 . 2009-07-12 19:31 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2009-07-12 19:31 . 2009-07-12 19:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-07-12 19:18 . 2009-07-12 19:18 -------- d-----w- c:\program files\Microsoft SDKs
    2009-07-12 19:18 . 2009-08-10 14:05 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2009-07-12 19:18 . 2009-07-12 19:18 -------- d-----w- c:\program files\Microsoft Web Designer Tools
    2009-07-12 19:16 . 2009-07-12 21:06 321632 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-07-12 19:15 . 2009-08-09 16:55 -------- d-----w- c:\program files\MSBuild
    2009-07-12 19:15 . 2009-07-12 19:15 -------- d-----w- c:\windows\system32\XPSViewer
    2009-07-12 19:15 . 2009-07-12 19:15 -------- d-----w- c:\program files\Reference Assemblies
    2009-07-12 19:15 . 2006-06-29 05:07 14048 ------w- c:\windows\system32\spmsg2.dll
    2009-07-12 19:12 . 2006-10-16 08:10 23856 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-07-12 01:47 . 2009-07-12 01:51 -------- d-----w- c:\program files\TC

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-10 14:06 . 2009-05-09 00:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2009-08-10 09:25 . 2009-04-09 11:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-10 09:18 . 2009-06-25 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-10 05:17 . 2009-04-22 11:49 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
    2009-08-09 17:43 . 2009-04-09 09:41 70768 ----a-w- c:\documents and settings\babotz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-09 17:39 . 2009-06-28 04:51 -------- d-----w- c:\documents and settings\babotz\Application Data\BitTorrent
    2009-08-09 16:42 . 2009-05-09 00:22 -------- d-----w- c:\program files\Microsoft.NET
    2009-08-09 12:16 . 2009-05-12 13:49 -------- d-----w- c:\program files\Games
    2009-08-09 09:57 . 2009-05-08 06:45 -------- d-----w- c:\program files\Winamp
    2009-08-09 08:56 . 2009-06-02 01:29 -------- d-----w- c:\program files\TuneUp Utilities 2009
    2009-08-08 07:15 . 2009-08-01 14:21 -------- d-----w- c:\documents and settings\babotz\Application Data\Vso
    2009-08-07 15:19 . 2009-08-06 11:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    2009-08-06 14:44 . 2009-08-01 14:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-08-06 14:44 . 2009-08-01 14:21 47360 ----a-w- c:\documents and settings\babotz\Application Data\pcouffin.sys
    2009-08-06 14:44 . 2009-08-06 14:44 -------- d-----w- c:\program files\VSO
    2009-08-06 11:57 . 2009-08-06 11:57 -------- d-----w- c:\program files\bfgclient
    2009-08-05 11:33 . 2009-06-26 11:45 -------- d-----w- c:\program files\Garena
    2009-08-04 09:14 . 2009-08-04 09:13 21842 ----a-w- c:\windows\scunin.dat
    2009-08-04 09:14 . 2009-08-04 09:13 967 ----a-w- c:\windows\ScUnin.pif
    2009-08-04 09:14 . 2009-08-04 09:13 94208 ----a-w- c:\windows\ScUnin.exe
    2009-08-04 04:48 . 2009-06-28 04:42 -------- d-----w- c:\program files\AskBarDis
    2009-08-03 05:36 . 2009-06-25 01:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 05:36 . 2009-06-25 01:45 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 06:51 . 2009-04-21 01:11 71208 ----a-w- c:\documents and settings\Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-30 18:04 . 2009-05-10 17:09 -------- d-----w- c:\program files\Warcraft III
    2009-07-30 14:12 . 2009-05-08 06:45 -------- d-----w- c:\documents and settings\babotz\Application Data\Winamp
    2009-07-24 08:20 . 2009-04-20 03:05 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-23 06:26 . 2009-07-23 06:25 1024 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2009-07-18 16:04 . 2009-05-12 19:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PlayFirst
    2009-07-18 08:20 . 2009-07-18 08:20 2678 ----a-w- c:\windows\java\Packages\Data\XFNTRPB7.DAT
    2009-07-18 08:20 . 2009-07-18 08:20 2678 ----a-w- c:\windows\java\Packages\Data\E9RVPJ13.DAT
    2009-07-18 08:20 . 2009-07-18 08:20 2678 ----a-w- c:\windows\java\Packages\Data\63VHR3HV.DAT
    2009-07-18 08:20 . 2009-07-18 08:20 2678 ----a-w- c:\windows\java\Packages\Data\HRF73D35.DAT
    2009-07-11 07:37 . 2009-07-01 05:41 -------- d-----w- c:\documents and settings\babotz\Application Data\Skype
    2009-07-11 06:04 . 2009-07-09 11:23 -------- d-----w- c:\documents and settings\babotz\Application Data\FileZilla
    2009-07-11 04:30 . 2009-05-10 06:09 -------- d-----w- c:\program files\Avira
    2009-07-10 06:21 . 2009-06-27 08:21 -------- d-----w- c:\program files\Winferno
    2009-07-10 06:20 . 2009-05-12 09:53 -------- d-----w- c:\program files\Left 4 Dead
    2009-07-09 11:23 . 2009-07-09 11:23 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-07-09 10:17 . 2009-05-09 00:29 -------- d-----w- c:\program files\Autorun Eater
    2009-07-09 10:17 . 2009-07-09 10:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Autorun Eater
    2009-07-05 19:52 . 2009-05-25 13:43 -------- d-----w- c:\documents and settings\babotz\Application Data\DMCache
    2009-07-05 17:49 . 2009-07-05 08:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2009-07-05 08:38 . 2009-06-26 08:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
    2009-07-05 08:38 . 2009-06-01 14:35 -------- d-----w- c:\program files\Yahoo!
    2009-07-04 23:53 . 2009-04-14 05:44 261 ----a-w- c:\windows\popcinfo.dat
    2009-07-03 02:27 . 2009-07-03 02:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DVD Shrink
    2009-07-02 18:12 . 2009-06-26 17:05 -------- d-----w- c:\documents and settings\babotz\Application Data\Camfrog
    2009-07-01 05:41 . 2009-07-01 05:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-07-01 05:41 . 2009-07-01 05:41 -------- d-----w- c:\documents and settings\babotz\Application Data\skypePM
    2009-07-01 05:41 . 2009-07-01 05:41 -------- d-----w- c:\program files\Common Files\Skype
    2009-07-01 05:41 . 2009-07-01 05:40 -------- d-----r- c:\program files\Skype
    2009-07-01 05:41 . 2009-07-01 05:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Skype
    2009-06-30 20:41 . 2009-06-28 04:42 -------- d-----w- c:\documents and settings\babotz\Application Data\DNA
    2009-06-30 07:32 . 2009-06-28 04:42 -------- d-----w- c:\program files\DNA
    2009-06-30 06:09 . 2009-06-30 06:09 -------- d-----w- c:\documents and settings\babotz\Application Data\cerasus.media
    2009-06-30 06:09 . 2009-06-30 06:09 -------- d-----w- c:\documents and settings\babotz\Application Data\cerasus
    2009-06-28 21:01 . 2009-04-24 10:42 -------- d-----w- c:\program files\Jewel Quest
    2009-06-28 05:20 . 2009-06-01 14:35 -------- d-----w- c:\program files\IObit
    2009-06-28 04:42 . 2009-06-28 04:42 -------- d-----w- c:\program files\BitTorrent
    2009-06-27 08:47 . 2009-06-27 08:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Digsby
    2009-06-27 08:47 . 2009-06-27 08:43 -------- d-----w- c:\documents and settings\babotz\Application Data\Digsby
    2009-06-27 08:43 . 2009-06-27 08:43 -------- d-----w- c:\program files\Digsby
    2009-06-27 08:26 . 2009-06-27 08:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Winferno
    2009-06-27 05:12 . 2009-06-27 05:12 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-27 05:12 . 2009-06-27 05:12 -------- d-----w- c:\program files\Java
    2009-06-26 22:15 . 2009-06-26 22:15 -------- d-----w- c:\program files\Chikka Messenger
    2009-06-26 10:09 . 2009-05-25 13:43 -------- d-----w- c:\documents and settings\babotz\Application Data\IDM
    2009-06-26 08:36 . 2009-04-28 17:26 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-26 08:26 . 2009-06-26 08:26 0 ----a-w- c:\windows\nsreg.dat
    2009-06-25 10:10 . 2009-06-22 03:32 -------- d-----w- c:\program files\Common Files\SourceTec
    2009-06-25 10:09 . 2009-06-25 10:09 -------- d-----w- c:\documents and settings\babotz\Application Data\MSNInstaller
    2009-06-25 09:55 . 2009-04-25 02:57 -------- d-----w- c:\program files\Truffle Tray
    2009-06-25 09:55 . 2009-04-09 11:47 -------- d-----w- c:\documents and settings\babotz\Application Data\My Battle for Middle-earth(tm) II Files
    2009-06-25 01:39 . 2009-06-05 02:40 -------- d-----w- c:\program files\Common Files\Ahead
    2009-06-25 01:36 . 2009-06-25 01:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Nero
    2009-06-24 14:56 . 2009-06-24 14:56 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\LightScribe
    2009-06-24 14:47 . 2009-06-24 14:47 -------- d-----w- c:\program files\Common Files\LightScribe
    2009-06-24 12:25 . 2009-06-24 12:25 -------- d-----w- c:\program files\BitDefender
    2009-06-23 01:19 . 2009-06-23 01:19 -------- d-----w- c:\documents and settings\babotz\Application Data\Corel
    2009-06-23 01:15 . 2009-06-23 01:15 -------- d-----w- c:\program files\Common Files\Corel
    2009-06-23 01:15 . 2009-04-09 12:04 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-23 01:15 . 2009-06-23 01:15 -------- d-----w- c:\program files\Corel
    2009-06-20 07:30 . 2009-06-20 07:30 -------- d-----w- c:\documents and settings\Kids\Application Data\Yahoo!
    2009-06-18 08:38 . 2009-06-01 14:35 -------- d-----w- c:\documents and settings\babotz\Application Data\IObit
    2009-06-18 08:36 . 2009-05-12 18:26 -------- d-----w- c:\program files\VirtualDJ
    2009-06-16 15:12 . 2009-05-12 19:12 -------- d-----w- c:\program files\Oberon Media
    2009-06-14 10:09 . 2009-06-14 10:09 -------- d-----w- c:\program files\TryMedia
    2009-06-12 07:52 . 2009-06-12 07:52 -------- d-----w- c:\program files\Xinox Software
    2009-06-12 07:52 . 2009-06-12 07:52 -------- d-----w- c:\program files\JavaSoft
    2009-06-12 07:52 . 2009-04-09 12:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-12 07:07 . 2009-05-12 19:12 -------- d-----w- c:\program files\GamesBar
    2009-05-25 13:27 . 2009-05-25 13:27 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    .

    ------- Sigcheck -------

    [-] 2009-04-29 04:52 659456 9D6E5AEB8F237E03D5892951EB3D6A7E c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP2GDR\wininet.dll
    [-] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP2QFE\wininet.dll
    [-] 2009-04-29 04:46 666624 6002073519FA478BF89977369CDFD156 c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP3GDR\wininet.dll
    [-] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP3QFE\wininet.dll
    [-] 2006-10-15 15:39 698368 76E63E0D2EFE76EED958511CC724FE6B c:\windows\system32\wininet.dll
    [-] 2006-10-15 15:39 698368 76E63E0D2EFE76EED958511CC724FE6B c:\windows\system32\dllcache\wininet.dll

    [-] 2006-10-15 15:38 975360 42071C236B7E35271D40DB1D7C37D5BD c:\windows\explorer.exe
    [-] 2006-10-15 15:38 975360 42071C236B7E35271D40DB1D7C37D5BD c:\windows\system32\dllcache\explorer.exe

    [-] 2009-04-29 04:52 3060736 04AB92BFDDF275D50E3D42CDB4BF110E c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP2GDR\mshtml.dll
    [-] 2009-04-29 02:01 3068928 7BB862F4CBB8361551C34674291BA5EC c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP2QFE\mshtml.dll
    [-] 2009-04-29 04:46 3068928 ABD8093E43E53AEA5898D2214B92E9BA c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP3GDR\mshtml.dll
    [-] 2009-04-29 04:21 3069440 06CF679E3D24C3DF270556456A0F1EDA c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\SP3QFE\mshtml.dll
    [-] 2006-10-15 15:38 3498496 E59EC27FCA1F9BB5700CAAE80CABA406 c:\windows\system32\mshtml.dll
    [-] 2006-10-15 15:38 3498496 E59EC27FCA1F9BB5700CAAE80CABA406 c:\windows\system32\dllcache\mshtml.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2009-08-09_08.37.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-10 19:12 . 2009-08-10 19:12 16384 c:\windows\Temp\Perflib_Perfdata_624.dat
    + 2009-08-10 19:12 . 2009-08-10 19:12 16384 c:\windows\Temp\Perflib_Perfdata_214.dat
    + 2001-08-23 12:00 . 2009-08-09 16:40 73230 c:\windows\system32\perfc009.dat
    + 2009-04-09 09:11 . 2009-08-10 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-04-09 09:11 . 2009-08-09 08:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-04-09 09:11 . 2009-08-10 18:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-04-09 09:11 . 2009-08-09 08:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-08-10 09:27 . 2009-08-10 09:27 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2009-08-10 09:27 . 2009-08-10 09:27 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2001-08-23 12:00 . 2001-08-23 12:00 219392 c:\windows\system32\qdtvpzxr.dat
    + 2001-08-23 12:00 . 2009-08-09 16:40 446492 c:\windows\system32\perfh009.dat
    + 2001-08-23 12:00 . 2001-08-23 12:00 175360 c:\windows\system32\ocuhyhzb.dat
    + 2001-08-23 12:00 . 2001-08-23 12:00 103936 c:\windows\system32\mvrjzak.dll
    + 2001-08-23 12:00 . 2001-08-23 12:00 143872 c:\windows\system32\dualnllc.dll
    + 2001-08-23 12:00 . 2001-08-23 12:00 8122112 c:\windows\system32\zyqhnwfg.dat
    + 2009-02-03 02:15 . 2009-08-10 00:55 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2009-04-09 16:50 . 2009-08-09 17:42 1558160 c:\windows\system32\FNTCACHE.DAT
    + 2009-08-10 09:27 . 2009-08-10 09:27 1516544 c:\windows\Installer\500e5.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-29 09:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13672448]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    c:\documents and settings\babotz\Start Menu\Programs\Startup\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^babotz^Start Menu^Programs^Startup^AutoClick.lnk]
    path=c:\documents and settings\babotz\Start Menu\Programs\Startup\AutoClick.lnk
    backup=c:\windows\pss\AutoClick.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^babotz^Start Menu^Programs^Startup^nero.bat.lnk]
    path=c:\documents and settings\babotz\Start Menu\Programs\Startup\nero.bat.lnk
    backup=c:\windows\pss\nero.bat.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^babotz^Start Menu^Programs^Startup^RocketDock.lnk]
    path=c:\documents and settings\babotz\Start Menu\Programs\Startup\RocketDock.lnk
    backup=c:\windows\pss\RocketDock.lnkStartup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "CorelDRAW Graphics Suite 11b"=c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=070809 serial=DR12WCP-4531862-WWB lang=EN
    "InCD"=c:\program files\Nero\Nero 7\InCD\InCD.exe
    "SecurDisc"=c:\program files\Nero\Nero 7\InCD\NBHGui.exe
    "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Garena\\Garena.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "d:\\Wak poh\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/9/2009 8:02 PM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/10/2008 7:10 AM 24636]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/9/2009 8:02 PM 20560]
    S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\docume~1\babotz\LOCALS~1\Temp\AVSETUP_49f73b50\basic\avupgsvc.exe" /TEMPSTART:""c:\docume~1\babotz\LOCALS~1\Temp\AVSETUP_49f73b50\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\docume~1\babotz\LOCALS~1\Temp\AVSETUP_49f73b50\basic\avupgsvc.exe [?]
    S2 biogxas;Support Network;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
    S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
    S2 qgwxzb;Center Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
    S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys --> c:\windows\system32\DRIVERS\avfwim.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    S4 Hdrfrsmg;Hdrfrsmg; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    fmtrblkv
    qgwxzb
    biogxas

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\docume~1\babotz\APPLIC~1\Mozilla\Firefox\Profiles\rqqr1q52.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://ph.search.yahoo.com/?ei=UTF-8&fr=ytff-msgr&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/?ei=UTF-8&fr=ytff-msgr&p=
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

    ---- FIREFOX POLICIES ----

    pref(dom.disable_open_during_load, false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-08-11 03:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\biogxas]
    "ServiceDll"="c:\windows\system32\zjhxn.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qgwxzb]
    "ServiceDll"="c:\windows\system32\zjhxn.dll"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(832)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-08-10 3:23
    ComboFix-quarantined-files.txt 2009-08-10 19:23
    ComboFix2.txt 2009-08-09 08:42
    ComboFix3.txt 2009-07-21 03:30
    ComboFix4.txt 2009-07-11 03:10
    ComboFix5.txt 2009-08-10 19:05

    Pre-Run: 36,478,935,040 bytes free
    Post-Run: 36,609,204,224 bytes free

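The service and svchost sections of this log are where the real problem shows: two services with invented display names ("Support Network", "Center Installer") are registered into the netsvcs group, both point their ServiceDll at the same unknown c:\windows\system32\zjhxn.dll, and a third name (fmtrblkv) sits in the NetSvcs list with no service behind it. The script below is an added example for this thread, not part of the poster's log and not ComboFix's own code: it parses those three line shapes out of a ComboFix-style log and flags each non-default netsvcs member together with the ServiceDll ComboFix reported, calling out a DLL shared by more than one service, an orphaned NetSvcs entry, and a service with no image path. The embedded log excerpt is constructed from the lines above; the regexes are assumptions based on how those lines look here, not a ComboFix format specification.

```python
"""Triage the service / svchost section of a ComboFix-style log.

Added example for this thread; not the poster's log and not ComboFix code.
The parsing targets the line shapes visible in the posted log (an
assumption about this output, not a format specification).
"""
import re
from collections import defaultdict

# Constructed excerpt built from the relevant lines of the posted log.
SAMPLE_LOG = r"""
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/10/2008 7:10 AM 24636]
S2 biogxas;Support Network;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S2 qgwxzb;Center Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S4 Hdrfrsmg;Hdrfrsmg; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fmtrblkv
qgwxzb
biogxas

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\biogxas]
"ServiceDll"="c:\windows\system32\zjhxn.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qgwxzb]
"ServiceDll"="c:\windows\system32\zjhxn.dll"
"""

# "S2 name;display;image [timestamp size]"  ->  state, name, display, image
SERVICE_RE = re.compile(r"^\s*([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# "[HKEY_LOCAL_MACHINE\System\ControlSetNNN\Services\name]"
SVCKEY_RE = re.compile(
    r"^\s*\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\s*$", re.I)
# '"ServiceDll"="path"' on the line after the key
DLL_RE = re.compile(r'^\s*"ServiceDll"="([^"]+)"\s*$', re.I)


def parse_log(text):
    """Return (services, netsvcs, service_dlls) pulled from the log text."""
    services = {}       # name -> {"state", "display", "image"}
    netsvcs = []        # names ComboFix lists as non-default NetSvcs members
    service_dlls = {}   # name -> ServiceDll path (lower-cased)
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, image = m.groups()
            services[name] = {"state": state, "display": display, "image": image.strip()}
        elif line.strip().endswith("Svchost - NetSvcs"):
            # the members follow on their own lines until the next blank line
            i += 1
            while i < len(lines) and lines[i].strip():
                netsvcs.append(lines[i].strip())
                i += 1
        else:
            m = SVCKEY_RE.match(line)
            if m and i + 1 < len(lines):
                d = DLL_RE.match(lines[i + 1])
                if d:
                    service_dlls[m.group(1)] = d.group(1).lower()
        i += 1
    return services, netsvcs, service_dlls


def triage(text):
    """Return a list of {"service", "dll", "reasons"} findings for the log."""
    services, netsvcs, service_dlls = parse_log(text)
    by_dll = defaultdict(list)
    for name, dll in service_dlls.items():
        by_dll[dll].append(name)

    findings = []
    for name in netsvcs:
        svc = services.get(name)
        dll = service_dlls.get(name)
        reasons = ["listed as a non-default netsvcs member"]
        if svc is None:
            reasons.append("no matching service entry (orphaned NetSvcs value)")
        elif "svchost.exe -k netsvcs" not in svc["image"].lower():
            reasons.append("netsvcs member but image is not svchost -k netsvcs")
        if dll is None:
            reasons.append("no ServiceDll reported for this service")
        elif len(by_dll[dll]) > 1:
            others = ", ".join(n for n in by_dll[dll] if n != name)
            reasons.append("ServiceDll %s shared with %s" % (dll, others))
        findings.append({"service": name, "dll": dll, "reasons": reasons})

    for name, svc in services.items():
        # ComboFix prints [x] when the service's image file is missing
        if svc["image"] in ("", "[x]"):
            findings.append({"service": name, "dll": None,
                             "reasons": ["service has no image path"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-10s %s" % (f["service"], f["dll"] or "-"))
        for r in f["reasons"]:
            print("    -", r)
```

On a live XP box the same three questions map onto `sc qc <name>` for the image path, `reg query "HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters" /v ServiceDll` for the DLL, and the NetSvcs REG_MULTI_SZ under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost`; a DLL that two random-named services share, and that does not appear anywhere in the log's file listings, is the item to submit for analysis before anything is deleted.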