Hi there,
I recently got a nasty trojan horse on my PC which had rootkits which couldn't be deleted. So I found the recent Hijacker Virus thread on here as it had a couple of the same file names involved. I followed the instructions in that thread (bar the HijackThis scan, as it wasn't to be used to remove anything) and I have cleared my PC of the trojan horse, which is great!
However, when the trojan horse first infected my PC it gave me this annoying pop-up, which sends me to the zabasearch website, or on the 5th or 6th pop-up in a row to an online gifts website. This pops up every 30 mins, and no matter what I search with I can't work out how to get rid of it. I use AVG 8 for all my security, but also have Ad-Aware and now ATF Cleaner following my trojan horse troubles.
Any advice on how to get rid of this pop up is greatly appreciated.
Thank you in advance.

Please download Malwarebytes' Anti-Malware from one of these sites:
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Okie dokie, all done.
Malwarebytes' Anti-Malware 1.31
Database version: 1506
Windows 6.0.6001 Service Pack 1
16/12/2008 17:51:11
mbam-log-2008-12-16 (17-51-11).txt
Scan type: Quick Scan
Objects scanned: 53011
Time elapsed: 3 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
==========================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:14, on 16/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
D:\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Users\harlie\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\harlie\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.p8ntballer-forums.com/vb...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [CheckSum] C:\Windows\system32\cks.bat
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Veoh] "D:\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\harlie\Program Files\DNA\btdna.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1503...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Drive...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Drive...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1503...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9449 bytes

Please download ComboFix to the desktop from one of the following links:
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
In your case, to run Combofix do the following:
1. Go offline, turn off your AVG antivirus, and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.

Here you go, ComboFix results:
ComboFix 08-12-16.03 - harlie 2008-12-17 17:38:37.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.2239 [GMT 0:00]
Running from: c:\users\harlie\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.
2008-12-16 17:41 . 2008-12-16 17:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 17:41 . 2008-12-03 19:54 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-16 17:41 . 2008-12-03 19:54 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-15 17:02 . 2008-12-15 17:02 <DIR> d-------- c:\windows\Sun
2008-12-15 17:01 . 2008-12-15 17:07 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-15 11:35 . 2008-12-15 11:35 <DIR> d-------- c:\users\harlie\AppData\Roaming\Malwarebytes
2008-12-15 11:35 . 2008-12-15 11:35 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-15 11:25 . 2008-12-15 11:36 <DIR> d-------- c:\programdata\PrevxCSI
2008-12-15 11:16 . 2008-12-15 13:52 <DIR> d-------- c:\program files\Sophos
2008-12-15 03:41 . 2008-12-15 19:33 <DIR> d-------- c:\programdata\Lavasoft
2008-12-15 03:24 . 2008-12-15 03:32 <DIR> d-------- c:\program files\NoAdware
2008-12-15 03:13 . 2008-12-15 09:33 <DIR> d-------- c:\programdata\STOPzilla!
2008-12-15 03:13 . 2008-12-15 03:15 <DIR> d-------- c:\programdata\SITEguard
2008-12-15 03:13 . 2008-12-15 03:13 <DIR> d-------- c:\program files\Common Files\iS3
2008-12-15 03:03 . 2008-12-15 03:11 <DIR> d-a------ c:\programdata\TEMP
2008-12-15 00:16 . 2008-12-15 00:16 <DIR> d-------- c:\program files\Uninstall
2008-12-15 00:16 . 2008-12-15 00:16 576,000 --a------ c:\windows\uninstall.exe
2008-12-15 00:16 . 2008-12-10 18:18 22,406 --------- c:\windows\System32\checksum.exe
2008-12-15 00:16 . 2008-12-12 15:10 176 --a------ c:\windows\System32\eowero.vbs
2008-12-15 00:16 . 2008-12-12 15:09 151 --a------ c:\windows\System32\cks.bat
2008-12-15 00:15 . 2008-12-15 00:15 <DIR> d-------- c:\windows\EasyDecrypter v1.12
2008-12-12 21:10 . 2008-12-12 21:10 106,130 --a------ c:\windows\runner.exe
2008-12-12 02:59 . 2008-10-22 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 01:43 . 2008-12-08 04:47 368,640 --a------ c:\windows\taskmrg.exe
2008-12-03 19:55 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 19:55 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 19:55 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 19:55 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 19:55 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 19:55 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 19:55 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 19:55 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 19:55 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-27 03:01 . 1999-05-07 06:00 140,288 --a------ c:\windows\System32\Comdlg32.ocx
2008-11-27 03:01 . 2007-06-04 22:10 132,880 --a------ c:\windows\System32\MSINET.OCX
2008-11-27 03:01 . 2005-06-06 19:31 108,336 --a------ c:\windows\System32\Mswinsck.ocx
2008-11-27 03:01 . 2008-01-31 11:15 102,400 --a------ c:\windows\System32\DinkITXPUIMenus.ocx
2008-11-27 03:01 . 2003-04-05 18:19 65,536 --a------ c:\windows\System32\EnhSliderOcx.ocx
2008-11-27 03:01 . 2008-02-04 03:55 64,000 --a------ c:\windows\System32\wiaaut.oca
2008-11-26 08:14 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 08:14 . 2008-08-28 03:37 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 08:14 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 08:14 . 2008-08-28 03:37 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 08:14 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-18 09:06 . 2008-11-18 09:06 <DIR> d-------- c:\users\harlie\Program Files
2008-11-17 21:49 . 2008-12-17 17:39 <DIR> d-------- c:\users\harlie\AppData\Roaming\DNA
2008-11-17 21:49 . 2008-12-16 14:00 <DIR> d-------- c:\users\harlie\AppData\Roaming\BitTorrent
2008-11-17 21:49 . 2008-11-17 21:49 <DIR> d-------- c:\program files\DNA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 19:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 17:07 --------- d-----w c:\program files\Java
2008-12-15 00:38 --------- d-----w c:\programdata\Downloaded Installations
2008-12-15 00:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 20:17 --------- d-----w c:\program files\Windows Live
2008-12-14 20:11 --------- d-----w c:\programdata\WLInstaller
2008-12-13 01:18 --------- d-----w c:\program files\Windows Mail
2008-12-12 03:02 --------- d-----w c:\programdata\Microsoft Help
2008-11-06 13:44 --------- d-----w c:\program files\DivX
2008-11-06 08:19 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-06 08:19 23,832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
2008-11-02 00:47 --------- d-----w c:\program files\Microsoft
2008-11-02 00:39 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-02 00:38 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-02 00:36 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-30 09:03 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\DivX.dll
2008-10-22 07:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-05-31 20:09 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"Veoh"="d:\veoh networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"BitTorrent DNA"="c:\users\harlie\Program Files\DNA\btdna.exe" [2008-12-15 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-16 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\System32\P0620Pin.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckSum"="c:\windows\system32\cks.bat" [2008-12-12 151]
c:\users\harlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.exe [2007-12-07 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.exe [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B6E6747-2AF3-4317-BE34-77CF368616D6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98BDF357-5E7F-4A24-A53A-2FEC05A74F3A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{460BBACE-ABE7-4879-90CC-31E90FF865AE}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{C1614D8E-B5B8-42D1-8922-AE30C4B4F591}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{6AD729B5-B156-4364-8B7B-68A776AB414F}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{339FFD03-6AED-47BC-BA6C-82953F33EF04}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{90E9C9F6-4844-4A17-8E16-A020B9F5EFE6}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{F18E6E8C-4254-4901-9CF2-F762FC5CE858}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{DA3F9C54-3FDC-4591-AD1E-3AFEBCE75D5C}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{BEDAC4F1-83AF-4BD5-A096-2D76E272760F}"= TCP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{5A45AF42-27DE-4ADA-B706-105C71983A90}"= UDP:24114:BitComet 24114 TCP
"{484316E3-8FD0-4EEE-AF4A-CD5C92550417}"= TCP:24114:BitComet 24114 UDP
"TCP Query User{E327B7DA-4959-4D53-AD89-9AA647E88E61}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8F6AC53F-18F7-4FB8-9A2D-074E6259D863}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{71B61BFC-48F9-4EC1-BEC9-E1DA90520D91}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{3F6327A2-2689-4C83-A546-863FD1F5D67A}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{45018354-BECA-4B4F-9AF1-79CEC29373F1}d:\\bitcomet\\bitcomet.exe"= UDP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{FB65B326-195C-43D6-A2A3-302F2079D5E5}d:\\bitcomet\\bitcomet.exe"= TCP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{78340D60-3D7E-4EE3-931F-AC0E5773693D}"= UDP:7952:BitComet 7952 TCP
"{73BA2EEB-26F8-4C2F-A3F8-69BA69BCA2A0}"= TCP:7952:BitComet 7952 UDP
"TCP Query User{8B5EB7A8-15AC-4810-9EFD-96F2FF65C1C0}d:\\veoh networks\\veoh\\veohclient.exe"= UDP:d:\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A02F26DC-38C8-4BE4-81A5-6DFF96D9BD15}d:\\veoh networks\\veoh\\veohclient.exe"= TCP:d:\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{1F0B87D5-A3B9-4E9D-B6D8-C93C150D88E8}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{C55DC1DB-0667-4AF9-A774-8BB7DEE3EDBE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{F1519D97-450A-4888-A7CE-437498C2276F}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{3D5EF9DC-D09D-4C0D-AF05-0A2D7D79A2AA}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{6B71A9B9-4624-4181-8C55-1FFB04973116}d:\\emule\\emule.exe"= UDP:d:\emule\emule.exe:eMule
"UDP Query User{03152357-D8B0-4E3F-8E3C-8EB502E9C88F}d:\\emule\\emule.exe"= TCP:d:\emule\emule.exe:eMule
"{40BD8D4C-FB65-48D9-97C0-013FC0E02104}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3178FB5F-B821-4796-8252-EE25273E4ED7}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{DED0236A-7808-4969-AE58-5AF66A903E5E}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E71C71A0-696A-4A0B-A29B-BF1834DB4C3C}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{2BED673A-F021-4406-91B9-82B2C41F7ADF}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{832A0E55-C15B-4FF4-BB89-99B7F3F09C8A}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{5863866F-AE53-47E9-9B17-00E3F06086E2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F8D84339-AA27-41D3-B918-96E94FDEA24F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{817B7D67-25B5-4A69-A67A-127C74766512}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{22C23842-9F0D-46CE-866A-38A0B04E1BF1}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{32E9E3A4-BFC0-4250-ADFC-2916F533E1B1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\BitTorrent\\bittorrent.exe"= d:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-05-06 12936]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2008-10-23 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-06 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-23 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-23 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-06 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-06 1212184]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
.
Contents of the 'Scheduled Tasks' folder
2008-12-17 c:\windows\Tasks\At1.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At10.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At11.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At12.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At13.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At14.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At15.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At16.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-17 c:\windows\Tasks\At17.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-17 c:\windows\Tasks\At18.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At19.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-17 c:\windows\Tasks\At2.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At20.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At21.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At22.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At23.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-16 c:\windows\Tasks\At24.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-17 c:\windows\Tasks\At3.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-17 c:\windows\Tasks\At4.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At5.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At6.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At7.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At8.job
- c:\windows\system32\4iXCmJRd.exe []
2008-12-15 c:\windows\Tasks\At9.job
- c:\windows\system32\4iXCmJRd.exe []
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 17:39:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-17 17:46:02
ComboFix-quarantined-files.txt 2008-12-17 17:45:59
ComboFix2.txt 2008-12-15 16:48:23

Pre-Run: 212,026,937,344 bytes free
Post-Run: 212,090,060,800 bytes free

278 --- E O F --- 2008-12-17 02:19:24

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, Or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\Tasks\At1.job
c:\windows\system32\4iXCmJRd.exe
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto start, click "run".

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

After doing the above, have the popups stopped?
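The CFScript above was written by hand: every At*.job task in the log, plus the one executable they all launch. As an added example (not ComboFix's code and not the helper's), the Python below parses the 'Scheduled Tasks' block of a ComboFix-style log, groups the jobs by the target they run, flags targets launched by several At*.job tasks or whose file name looks random, and renders the same KILLALL::/File:: layout. The sample log text is constructed from the thread's entries plus one constructed benign GoogleUpdate task; the suspicion heuristics and the `min_at_jobs` threshold are assumptions, not ComboFix rules. The parser also accepts the fused, line-break-less form in which the log was pasted into the thread.

```python
"""Triage the 'Scheduled Tasks' block of a ComboFix-style log and render a
CFScript File:: list for jobs that launch a suspect executable.

Added example: not ComboFix's code and not the forum helper's.  The
suspicion heuristics below are assumptions, not ComboFix rules."""
import re
from collections import OrderedDict
from ntpath import basename, splitext

# One task entry is "<date> <job path>" followed by "- <target> [<meta>]".
# The pattern is not anchored to line ends, so it also reads the fused form
# that pasted logs often have ("...exe []2008-12-15 c:\windows\Tasks\At10.job").
TASK_RE = re.compile(
    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<job>[a-z]:\\[^\r\n\[\]]*?\.job)\s*"
    r"-\s*(?P<target>[^\r\n\[\]]*?)\s*\[(?P<meta>[^\]]*)\]",
    re.IGNORECASE,
)

# Constructed excerpt in the intact two-lines-per-task layout.  The At*.job
# entries mirror the thread; the GoogleUpdate task is a constructed benign one.
SAMPLE_LOG = """\
Contents of the 'Scheduled Tasks' folder
2008-12-17 c:\\windows\\Tasks\\At1.job
- c:\\windows\\system32\\4iXCmJRd.exe []
2008-12-15 c:\\windows\\Tasks\\At2.job
- c:\\windows\\system32\\4iXCmJRd.exe []
2008-12-16 c:\\windows\\Tasks\\GoogleUpdateTaskMachineUA.job
- c:\\program files\\google\\update\\googleupdate.exe [2008-11-03 11:12]
**************************************************************************
"""

# The same kind of block as it arrives when line breaks were lost in pasting.
FUSED_LOG = (
    "Contents of the 'Scheduled Tasks' folder2008-12-17 c:\\windows\\Tasks\\At1.job\n"
    "- c:\\windows\\system32\\4iXCmJRd.exe []2008-12-15 c:\\windows\\Tasks\\At10.job\n"
    "- c:\\windows\\system32\\4iXCmJRd.exe []\n"
)


def parse_scheduled_tasks(log_text):
    """Return one dict (date, job, target, meta) per task entry found."""
    return [m.groupdict() for m in TASK_RE.finditer(log_text)]


def is_at_job(job_path):
    """At<n>.job is the name the legacy 'at' scheduler gives its jobs; a run of
    them all launching one binary is the pattern in the thread's log."""
    return re.fullmatch(r"At\d+\.job", basename(job_path), re.IGNORECASE) is not None


def looks_random_name(target_path):
    """Heuristic (assumption): a system32 binary whose stem mixes upper and
    lower case letters with digits, like 4iXCmJRd.exe, unlike wuauclt.exe."""
    stem = splitext(basename(target_path))[0]
    in_system32 = "\\system32\\" in target_path.lower()
    has_upper = any(c.isupper() for c in stem)
    has_lower = any(c.islower() for c in stem)
    has_digit = any(c.isdigit() for c in stem)
    return in_system32 and has_upper and has_lower and has_digit and len(stem) >= 6


def group_by_target(tasks):
    """Map each target (case-insensitively) to the job files that launch it."""
    groups = OrderedDict()
    for t in tasks:
        entry = groups.setdefault(t["target"].lower(), {"target": t["target"], "jobs": []})
        entry["jobs"].append(t["job"])
    return groups


def find_suspect_targets(tasks, min_at_jobs=2):
    """Targets launched by at least min_at_jobs At*.job tasks, or whose name
    looks random, mapped to their job files.  The threshold is an assumption."""
    suspects = OrderedDict()
    for entry in group_by_target(tasks).values():
        at_jobs = [j for j in entry["jobs"] if is_at_job(j)]
        if len(at_jobs) >= min_at_jobs or looks_random_name(entry["target"]):
            suspects[entry["target"]] = list(entry["jobs"])
    return suspects


def build_cfscript(suspects):
    """Render the list in the layout the helper used above: KILLALL::, File::,
    then the target executable followed by every job file that launches it."""
    lines = ["KILLALL::", "File::"]
    for target, jobs in suspects.items():
        lines.append(target)
        lines.extend(jobs)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_suspect_targets(parse_scheduled_tasks(SAMPLE_LOG))
    for target, jobs in found.items():
        print(f"{target}: launched by {len(jobs)} scheduled job(s)")
    print(build_cfscript(found))
```

The output is a triage aid, not a verdict: a benign updater that happens to register several At*.job tasks would also be listed, so the rendered File:: list should be read against the rest of the log before anything is fed to ComboFix.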

It doesn't appear to have. It now pops up to google, but still I get a pop up when I 1st switch on, and then every 30 mins.
Here is the 2nd ComboFix log:
ComboFix 08-12-16.03 - harlie 2008-12-17 23:25:34.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.2191 [GMT 0:00]
Running from: c:\users\harlie\Desktop\ComboFix.exe
Command switches used :: c:\users\harlie\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\4iXCmJRd.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.
2008-12-16 17:41 . 2008-12-16 17:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 17:41 . 2008-12-03 19:54 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-16 17:41 . 2008-12-03 19:54 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-15 17:02 . 2008-12-15 17:02 <DIR> d-------- c:\windows\Sun
2008-12-15 17:01 . 2008-12-15 17:07 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-15 11:35 . 2008-12-15 11:35 <DIR> d-------- c:\users\harlie\AppData\Roaming\Malwarebytes
2008-12-15 11:35 . 2008-12-15 11:35 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-15 11:25 . 2008-12-15 11:36 <DIR> d-------- c:\programdata\PrevxCSI
2008-12-15 11:16 . 2008-12-15 13:52 <DIR> d-------- c:\program files\Sophos
2008-12-15 03:41 . 2008-12-15 19:33 <DIR> d-------- c:\programdata\Lavasoft
2008-12-15 03:24 . 2008-12-15 03:32 <DIR> d-------- c:\program files\NoAdware
2008-12-15 03:13 . 2008-12-15 09:33 <DIR> d-------- c:\programdata\STOPzilla!
2008-12-15 03:13 . 2008-12-15 03:15 <DIR> d-------- c:\programdata\SITEguard
2008-12-15 03:13 . 2008-12-15 03:13 <DIR> d-------- c:\program files\Common Files\iS3
2008-12-15 03:03 . 2008-12-15 03:11 <DIR> d-a------ c:\programdata\TEMP
2008-12-15 00:16 . 2008-12-15 00:16 <DIR> d-------- c:\program files\Uninstall
2008-12-15 00:16 . 2008-12-15 00:16 576,000 --a------ c:\windows\uninstall.exe
2008-12-15 00:16 . 2008-12-10 18:18 22,406 --------- c:\windows\System32\checksum.exe
2008-12-15 00:16 . 2008-12-12 15:10 176 --a------ c:\windows\System32\eowero.vbs
2008-12-15 00:16 . 2008-12-12 15:09 151 --a------ c:\windows\System32\cks.bat
2008-12-15 00:15 . 2008-12-15 00:15 <DIR> d-------- c:\windows\EasyDecrypter v1.12
2008-12-12 21:10 . 2008-12-12 21:10 106,130 --a------ c:\windows\runner.exe
2008-12-12 02:59 . 2008-10-22 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 01:43 . 2008-12-08 04:47 368,640 --a------ c:\windows\taskmrg.exe
2008-12-03 19:55 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 19:55 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 19:55 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 19:55 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 19:55 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 19:55 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 19:55 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 19:55 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 19:55 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-27 03:01 . 1999-05-07 06:00 140,288 --a------ c:\windows\System32\Comdlg32.ocx
2008-11-27 03:01 . 2007-06-04 22:10 132,880 --a------ c:\windows\System32\MSINET.OCX
2008-11-27 03:01 . 2005-06-06 19:31 108,336 --a------ c:\windows\System32\Mswinsck.ocx
2008-11-27 03:01 . 2008-01-31 11:15 102,400 --a------ c:\windows\System32\DinkITXPUIMenus.ocx
2008-11-27 03:01 . 2003-04-05 18:19 65,536 --a------ c:\windows\System32\EnhSliderOcx.ocx
2008-11-27 03:01 . 2008-02-04 03:55 64,000 --a------ c:\windows\System32\wiaaut.oca
2008-11-26 08:14 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 08:14 . 2008-08-28 03:37 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 08:14 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 08:14 . 2008-08-28 03:37 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 08:14 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-18 09:06 . 2008-11-18 09:06 <DIR> d-------- c:\users\harlie\Program Files
2008-11-17 21:49 . 2008-12-17 23:28 <DIR> d-------- c:\users\harlie\AppData\Roaming\DNA
2008-11-17 21:49 . 2008-12-16 14:00 <DIR> d-------- c:\users\harlie\AppData\Roaming\BitTorrent
2008-11-17 21:49 . 2008-11-17 21:49 <DIR> d-------- c:\program files\DNA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 19:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 17:07 --------- d-----w c:\program files\Java
2008-12-15 00:38 --------- d-----w c:\programdata\Downloaded Installations
2008-12-15 00:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 20:17 --------- d-----w c:\program files\Windows Live
2008-12-14 20:11 --------- d-----w c:\programdata\WLInstaller
2008-12-13 01:18 --------- d-----w c:\program files\Windows Mail
2008-12-12 03:02 --------- d-----w c:\programdata\Microsoft Help
2008-11-06 13:44 --------- d-----w c:\program files\DivX
2008-11-06 08:19 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-06 08:19 23,832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
2008-11-02 00:47 --------- d-----w c:\program files\Microsoft
2008-11-02 00:39 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-02 00:38 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-02 00:36 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-30 09:03 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\DivX.dll
2008-10-22 07:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-05-31 20:09 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-12-17_17.40.23.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-17 15:10:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-17 23:28:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-17 23:28:42 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-17 15:10:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-17 23:28:42 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-17 23:28:42 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-17 17:38:18 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-17 23:24:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-12-17 15:13:52 105,448 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-17 23:20:56 105,448 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-17 15:13:52 599,942 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-17 23:20:56 599,942 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-17 15:10:58 14,398 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2727954109-2936429986-809546482-1000_UserData.bin
+ 2008-12-17 23:18:15 14,470 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2727954109-2936429986-809546482-1000_UserData.bin
- 2008-12-17 15:10:57 77,080 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-17 23:18:15 77,080 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-17 15:10:56 56,526 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-17 23:18:13 56,550 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"Veoh"="d:\veoh networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"BitTorrent DNA"="c:\users\harlie\Program Files\DNA\btdna.exe" [2008-12-15 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-16 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\System32\P0620Pin.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckSum"="c:\windows\system32\cks.bat" [2008-12-12 151]

c:\users\harlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.exe [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.exe [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B6E6747-2AF3-4317-BE34-77CF368616D6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98BDF357-5E7F-4A24-A53A-2FEC05A74F3A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{460BBACE-ABE7-4879-90CC-31E90FF865AE}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{C1614D8E-B5B8-42D1-8922-AE30C4B4F591}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{6AD729B5-B156-4364-8B7B-68A776AB414F}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{339FFD03-6AED-47BC-BA6C-82953F33EF04}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{90E9C9F6-4844-4A17-8E16-A020B9F5EFE6}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{F18E6E8C-4254-4901-9CF2-F762FC5CE858}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{DA3F9C54-3FDC-4591-AD1E-3AFEBCE75D5C}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{BEDAC4F1-83AF-4BD5-A096-2D76E272760F}"= TCP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{5A45AF42-27DE-4ADA-B706-105C71983A90}"= UDP:24114:BitComet 24114 TCP
"{484316E3-8FD0-4EEE-AF4A-CD5C92550417}"= TCP:24114:BitComet 24114 UDP
"TCP Query User{E327B7DA-4959-4D53-AD89-9AA647E88E61}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8F6AC53F-18F7-4FB8-9A2D-074E6259D863}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{71B61BFC-48F9-4EC1-BEC9-E1DA90520D91}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{3F6327A2-2689-4C83-A546-863FD1F5D67A}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{45018354-BECA-4B4F-9AF1-79CEC29373F1}d:\\bitcomet\\bitcomet.exe"= UDP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{FB65B326-195C-43D6-A2A3-302F2079D5E5}d:\\bitcomet\\bitcomet.exe"= TCP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{78340D60-3D7E-4EE3-931F-AC0E5773693D}"= UDP:7952:BitComet 7952 TCP
"{73BA2EEB-26F8-4C2F-A3F8-69BA69BCA2A0}"= TCP:7952:BitComet 7952 UDP
"TCP Query User{8B5EB7A8-15AC-4810-9EFD-96F2FF65C1C0}d:\\veoh networks\\veoh\\veohclient.exe"= UDP:d:\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A02F26DC-38C8-4BE4-81A5-6DFF96D9BD15}d:\\veoh networks\\veoh\\veohclient.exe"= TCP:d:\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{1F0B87D5-A3B9-4E9D-B6D8-C93C150D88E8}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{C55DC1DB-0667-4AF9-A774-8BB7DEE3EDBE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{F1519D97-450A-4888-A7CE-437498C2276F}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{3D5EF9DC-D09D-4C0D-AF05-0A2D7D79A2AA}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{6B71A9B9-4624-4181-8C55-1FFB04973116}d:\\emule\\emule.exe"= UDP:d:\emule\emule.exe:eMule
"UDP Query User{03152357-D8B0-4E3F-8E3C-8EB502E9C88F}d:\\emule\\emule.exe"= TCP:d:\emule\emule.exe:eMule
"{40BD8D4C-FB65-48D9-97C0-013FC0E02104}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3178FB5F-B821-4796-8252-EE25273E4ED7}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{DED0236A-7808-4969-AE58-5AF66A903E5E}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E71C71A0-696A-4A0B-A29B-BF1834DB4C3C}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{2BED673A-F021-4406-91B9-82B2C41F7ADF}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{832A0E55-C15B-4FF4-BB89-99B7F3F09C8A}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{5863866F-AE53-47E9-9B17-00E3F06086E2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F8D84339-AA27-41D3-B918-96E94FDEA24F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{817B7D67-25B5-4A69-A67A-127C74766512}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{22C23842-9F0D-46CE-866A-38A0B04E1BF1}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{32E9E3A4-BFC0-4250-ADFC-2916F533E1B1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\BitTorrent\\bittorrent.exe"= d:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-05-06 12936]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2008-10-23 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-06 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-23 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-23 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-06 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-06 1212184]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 23:28:43
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\CTSVCCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\checksum.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-17 23:35:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-17 23:35:32
ComboFix2.txt 2008-12-17 17:46:04
ComboFix3.txt 2008-12-15 16:48:23

Pre-Run: 211,593,601,024 bytes free
Post-Run: 211,667,062,784 bytes free

327 --- E O F --- 2008-12-17 02:19:24
