Need Virus Help!

Gigabyte / M61p-s3
January 30, 2009 at 21:34:06
Specs: Microsoft Windows XP Professional, 2.41 GHz / 2047 MB
First off, I use BitDefender Total Security 2008, Webroot Spy Sweeper, and CCleaner to keep my computer safe. Somehow, though, my computer got infected with a virus. I am unable to visit sites like Malwarebytes and Spy Sweeper, and I keep getting weird pop-ups that are getting annoying. I've also been getting misdirected from some sites, and when I try to go to Windows Update it takes me to Google. I was able to download Malwarebytes, but I couldn't install it because I kept getting a runtime error 0. Any help would be nice; hopefully I don't need to do a system restore because I've got lots of stuff I need to keep.

P.S. I've also looked at other posts and I don't seem to have TDSSserv.sys.





#1
January 31, 2009 at 09:32:15
Also, I get the runtime error 0 when I try to install Malwarebytes. I do have a HijackThis log if you want me to post it.


#2
January 31, 2009 at 10:17:05
Please post your HijackThis log.


#3
January 31, 2009 at 10:30:59
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:14 PM, on 1/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Mike\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\ETcall.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [7447ee68] "rundll32.exe" "C:\WINDOWS\system32\ojsrhsqf.dll",b
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BEC40-F1C7-43C9-B6F2-D335A186D8AA}: NameServer = 85.255.116.91,85.255.112.234
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.91,85.255.112.234
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.91,85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.91,85.255.112.234
O20 - AppInit_DLLs: huazix.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9783 bytes



#4
January 31, 2009 at 10:40:41
You have a DNS changer and other malware.

First, let's try to get Malwarebytes to run. Uninstall Malwarebytes: go to Start > Control Panel > Add/Remove Programs and uninstall it.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.


If Malwarebytes installed but will not run, navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.


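Added example, not part of this thread and not code from HijackThis or ComboFix: a small Python triage script that applies the same reading the helper gave the log in #3. It flags O17 NameServer entries pointing at unexpected public resolvers (the 85.255.x.x pair), the non-empty O20 AppInit_DLLs hook, and the O4 Run item with a hex-only name loading a DLL through rundll32, then cross-checks the flagged DLL names against the ComboFix "Other Deletions" list from #9. The log excerpts and the EXPECTED_RESOLVERS set are constructed assumptions; the real values would come from the full log and the machine's ipconfig output.

```python
"""Triage a HijackThis log for the indicators called out in this thread:
rogue DNS servers (O17), an AppInit_DLLs hook (O20) and a randomly named
Run entry loading a DLL via rundll32 (O4). Added example, not HJT code."""
import ipaddress
import re

# Constructed excerpt of the HijackThis log posted in #3 (not the full log).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [7447ee68] "rundll32.exe" "C:\WINDOWS\system32\ojsrhsqf.dll",b
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.91,85.255.112.234
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O20 - AppInit_DLLs: huazix.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed excerpt of the ComboFix "Other Deletions" section posted in #9.
COMBOFIX_SAMPLE = r"""
c:\windows\system32\huazix.dll
c:\windows\system32\ojsrhsqf.dll
c:\windows\system32\drivers\gaopdxboehntsh.sys
"""

# Assumption: resolvers the machine should be using (router / ISP). The thread
# never lists them, so a constructed router address stands in here.
EXPECTED_RESOLVERS = {"192.168.1.1"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
NS_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,\s]+)$")
O4_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+"?(?P<cmd>.*)$')
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<entry>\S*)', re.I)


def parse_hjt(text):
    """Yield (section, body) for every HijackThis item line; header lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def rogue_nameservers(body):
    """Return NameServer addresses that are public and not an expected resolver.
    A home XP box normally resolves through a private router address or the
    ISP's servers; any other public resolver is how a DNS changer redirects
    Windows Update and security vendor sites (the symptom described in #1)."""
    m = NS_RE.search(body)
    if not m:
        return []
    bad = []
    for ip in m.group("ips").split(","):
        ip = ip.strip()
        if not ip or ip in EXPECTED_RESOLVERS:
            continue
        if ipaddress.ip_address(ip).is_global:
            bad.append(ip)
    return bad


def suspicious_run_entry(body):
    """Flag O4 Run items that look machine-generated: a hex-only value name,
    or rundll32 loading a DLL through a one-letter export (the [7447ee68] item)."""
    m = O4_RE.search(body)
    if not m:
        return None
    name = m.group("name")
    r = RUNDLL_RE.search(m.group("cmd"))
    hex_name = re.fullmatch(r"[0-9a-f]{8}", name) is not None
    odd_entry = r is not None and len(r.group("entry")) <= 1
    if hex_name or odd_entry:
        return {"name": name, "dll": r.group("dll") if r else None}
    return None


def appinit_hook(body):
    """Any non-empty AppInit_DLLs value deserves a look: the listed DLL is
    loaded into every process that maps user32.dll."""
    m = re.match(r"AppInit_DLLs:\s*(?P<dlls>\S.*)$", body)
    return [d.strip() for d in m.group("dlls").split(",")] if m else []


def triage(hjt_text):
    """Collect findings keyed by HijackThis section."""
    findings = {"O17": [], "O20": [], "O4": []}
    for sec, body in parse_hjt(hjt_text):
        if sec == "O17":
            findings["O17"].extend(rogue_nameservers(body))
        elif sec == "O20":
            findings["O20"].extend(appinit_hook(body))
        elif sec == "O4":
            hit = suspicious_run_entry(body)
            if hit:
                findings["O4"].append(hit)
    findings["O17"] = sorted(set(findings["O17"]))
    return findings


def confirmed_by_combofix(findings, combofix_text):
    """Cross-check: which flagged DLL basenames did ComboFix later delete?"""
    deleted = {line.strip().lower().rsplit("\\", 1)[-1]
               for line in combofix_text.splitlines() if line.strip()}
    flagged = set(findings["O20"])
    flagged |= {h["dll"].rsplit("\\", 1)[-1] for h in findings["O4"] if h["dll"]}
    return sorted(d for d in flagged if d.lower() in deleted)


if __name__ == "__main__":
    result = triage(HJT_SAMPLE)
    for section, items in result.items():
        print(section, items)
    print("deleted by ComboFix:", confirmed_by_combofix(result, COMBOFIX_SAMPLE))
```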

#5
January 31, 2009 at 10:52:20
I've tried to download and rename it to tool.exe and I'm still getting the Run-time error 0.


#6
January 31, 2009 at 11:12:36
If it installed, reboot into Safe Mode and try to run Malwarebytes from Safe Mode.

To boot into Safe Mode, do the following (please do not use any other method):

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.



#7
January 31, 2009 at 11:33:17
I've tried that and still no luck. Still getting the runtime error.


#8
January 31, 2009 at 11:47:06
Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 11 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, with or without Multi-language, and save it to your desktop.
Close any programs you may have running, especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box, then click Save.

ComboFix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking, and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files, which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case, to run ComboFix do the following:
1. Go offline and turn off your BitDefender antivirus, Spy Sweeper, and any other antispyware that you may have.
2. Run ComboFix and save its log.
3. Restart the computer to get the antivirus running again, but leave the antispyware programs off until we get the computer cleaned.
4. Post the ComboFix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse; it will cause your system to hang.)
Please post the log it produces.



#9
January 31, 2009 at 19:39:48
ComboFix 09-01-31.01 - Mike 2009-01-31 15:15:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1723 [GMT -5:00]
Running from: c:\documents and settings\Mike\Desktop\toolb.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Mike\Application Data\inst.exe
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\update.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\_004729_.tmp.dll
c:\windows\system32\_004730_.tmp.dll
c:\windows\system32\_004731_.tmp.dll
c:\windows\system32\_004733_.tmp.dll
c:\windows\system32\_004734_.tmp.dll
c:\windows\system32\_004737_.tmp.dll
c:\windows\system32\_004738_.tmp.dll
c:\windows\system32\_004740_.tmp.dll
c:\windows\system32\_004741_.tmp.dll
c:\windows\system32\_004742_.tmp.dll
c:\windows\system32\_004744_.tmp.dll
c:\windows\system32\_004747_.tmp.dll
c:\windows\system32\_004748_.tmp.dll
c:\windows\system32\_004752_.tmp.dll
c:\windows\system32\_004753_.tmp.dll
c:\windows\system32\_004755_.tmp.dll
c:\windows\system32\_004758_.tmp.dll
c:\windows\system32\_004760_.tmp.dll
c:\windows\system32\_004761_.tmp.dll
c:\windows\system32\_004762_.tmp.dll
c:\windows\system32\_004763_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004768_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\_004770_.tmp.dll
c:\windows\system32\_004771_.tmp.dll
c:\windows\system32\_004776_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\bfitprtm.dll
c:\windows\system32\drivers\gaopdxboehntsh.sys
c:\windows\system32\drivers\gaopdxlxrqmcbo.sys
c:\windows\system32\drivers\gaopdxnsbiydvb.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fqshrsjo.ini
c:\windows\system32\gaopdxuyrnhfpq.dll
c:\windows\system32\gbvsqwad.dll
c:\windows\system32\huazix.dll
c:\windows\system32\iifEvsss.dll
c:\windows\system32\ojsrhsqf.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\sssvEfii.ini
c:\windows\system32\sssvEfii.ini2
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
Z:\resycled

----- BITS: Possible infected sites -----

hxxp://lp2.patch.station.sony.com:7000
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 15:00 . 2009-01-31 14:59 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-31 15:00 . 2009-01-31 14:59 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-31 14:49 . 2009-01-31 14:51 <DIR> d-------- c:\documents and settings\Mike\.SunDownloadManager
2009-01-31 00:55 . 2009-01-31 00:55 <DIR> d-------- c:\program files\SlimBrowser
2009-01-31 00:55 . 2009-01-31 15:02 <DIR> d-------- c:\documents and settings\Mike\Application Data\SlimBrowser
2009-01-31 00:04 . 2009-01-31 00:04 <DIR> d-------- c:\windows\ERUNT
2009-01-30 23:58 . 2009-01-30 23:58 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2009-01-28 19:04 . 2009-01-28 19:04 <DIR> d-------- c:\documents and settings\Mike\Application Data\BitDefender
2009-01-28 19:03 . 2009-01-28 19:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-01-28 19:02 . 2009-01-28 19:03 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-01-28 18:52 . 2009-01-28 18:52 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-01-28 18:52 . 2009-01-28 18:52 <DIR> d-------- c:\program files\MSECACHE
2009-01-28 18:17 . 2009-01-28 18:17 <DIR> d---s---- c:\documents and settings\Mike\UserData
2009-01-28 18:13 . 2009-01-28 18:13 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-01-28 18:13 . 2009-01-28 18:13 385 --a------ c:\windows\system32\user_gensett.xml
2009-01-28 17:56 . 2009-01-28 17:56 <DIR> d-------- c:\windows\system32\logs
2009-01-28 05:21 . 2009-01-28 05:21 <DIR> d-------- c:\program files\MSBuild
2009-01-28 05:18 . 2009-01-28 05:18 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-28 05:18 . 2009-01-28 05:18 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-28 05:18 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2009-01-28 05:15 . 2009-01-28 05:16 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-21 15:15 . 2009-01-21 15:16 <DIR> d-------- c:\program files\PokerStars.NET
2009-01-20 04:53 . 2009-01-20 04:53 <DIR> d-------- c:\documents and settings\Mike\Application Data\id Software
2009-01-20 04:50 . 2009-01-20 04:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\id Software
2009-01-20 04:50 . 2009-01-20 04:50 2,246,144 --a------ c:\windows\system32\pbsvc.exe
2009-01-20 04:20 . 2007-06-29 14:47 34,304 --a------ c:\windows\system32\drivers\AmdLLD.sys
2009-01-20 04:10 . 2009-01-20 04:20 <DIR> d-------- c:\program files\AMD
2009-01-20 01:45 . 2009-01-20 01:45 <DIR> d-------- c:\documents and settings\Mike\Application Data\Gearbox Software
2009-01-18 18:08 . 2009-01-18 18:08 <DIR> d-------- c:\program files\PowerISO
2009-01-15 16:37 . 2009-01-15 16:37 921 --a------ c:\windows\_ISENV31.INI
2009-01-15 16:37 . 2009-01-15 16:37 521 --a------ c:\windows\_iserr31.ini
2009-01-13 11:47 . 2009-01-13 11:47 533 --a------ c:\windows\eReg.dat
2009-01-12 14:29 . 2009-01-12 14:29 <DIR> dr-h----- c:\documents and settings\Mike\Application Data\SecuROM
2009-01-12 12:49 . 2009-01-12 12:49 <DIR> d-------- c:\program files\DreamCatcher
2009-01-12 11:30 . 2009-01-12 11:30 <DIR> d-------- C:\Games
2009-01-11 22:32 . 2009-01-11 22:32 <DIR> d-------- c:\documents and settings\Mike\Application Data\Media Center Programs
2009-01-11 22:25 . 2009-01-11 22:25 <DIR> d-------- c:\documents and settings\Mike\Application Data\InstallShield Installation Information
2009-01-11 16:44 . 2009-01-11 16:44 0 --ah----- c:\windows\SwSys2.bmp
2009-01-11 16:44 . 2009-01-11 16:44 0 --ah----- c:\windows\SwSys1.bmp
2009-01-11 14:30 . 2004-06-04 18:33 314,368 --a------ c:\windows\IsUninstR.Exe
2009-01-11 14:23 . 2009-01-11 14:23 <DIR> d-------- c:\documents and settings\Mike\WINDOWS
2009-01-11 11:02 . 2009-01-11 11:02 <DIR> d-------- c:\documents and settings\Mike\Application Data\Petroglyph
2009-01-10 16:59 . 2009-01-10 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2009-01-10 16:12 . 2009-01-10 16:13 94,208 --a------ c:\windows\ScUnin.exe
2009-01-10 16:12 . 2009-01-10 16:13 26,286 --a------ c:\windows\scunin.dat
2009-01-10 16:12 . 2009-01-10 16:13 967 --a------ c:\windows\ScUnin.pif
2009-01-10 15:58 . 2009-01-10 15:59 <DIR> d-------- c:\program files\WorldOfGoo
2009-01-09 15:27 . 2009-01-25 04:27 <DIR> d-------- c:\documents and settings\Mike\Application Data\Bioshock
2009-01-08 15:09 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-01-08 15:09 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-01-08 14:16 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-08 14:16 . 2004-08-04 00:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-01-08 14:15 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-08 14:15 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-06 00:04 . 2009-01-06 00:04 <DIR> d-------- C:\Splash
2009-01-06 00:02 . 2009-01-06 00:07 347 --a------ c:\windows\CoDUO.INI
2009-01-05 03:54 . 2009-01-07 02:11 <DIR> d-------- c:\program files\Call of Duty
2009-01-05 03:53 . 2009-01-05 04:02 745 --a------ c:\windows\CoD.INI
2009-01-04 14:38 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-01-04 14:38 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-01-04 14:38 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-01-04 14:38 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-01-04 14:38 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-01-04 14:38 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-01-04 14:38 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-04 14:36 . 2009-01-04 14:37 <DIR> d-------- c:\windows\Logs
2009-01-02 21:48 . 2009-01-02 21:48 <DIR> d-------- c:\program files\M4P MP3 Converter
2009-01-02 21:41 . 2003-12-14 16:47 692,224 --a------ c:\windows\system32\ciaResSvr20.dll
2009-01-02 21:41 . 1998-04-24 00:00 368,912 --a------ c:\windows\system32\vbar332.dll
2009-01-02 21:41 . 2004-06-18 09:30 213,083 --a------ c:\windows\system32\ciaXPButton20.ocx
2009-01-02 21:41 . 2004-06-18 11:52 139,264 --a------ c:\windows\system32\ciaXPProgress20.ocx
2009-01-02 21:41 . 2004-06-18 09:36 126,976 --a------ c:\windows\system32\ciaXPFrame20.ocx
2009-01-02 21:41 . 2003-12-12 17:41 53,248 --a------ c:\windows\system32\ciaXPRegSvr20.DLL
2009-01-02 21:41 . 2003-02-24 00:45 40,960 --a------ c:\windows\system32\ciaSubClsSvr.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 03:29 --------- d-----w c:\documents and settings\Mike\Application Data\Orbit
2009-02-01 03:28 --------- d-----w c:\program files\Steam
2009-01-31 19:59 --------- d-----w c:\program files\Java
2009-01-31 07:01 --------- d-----w c:\documents and settings\Mike\Application Data\Move Networks
2009-01-29 00:03 --------- d-----w c:\program files\BitDefender
2009-01-28 10:29 --------- d-----w c:\program files\Warcraft III
2009-01-26 21:51 --------- d-----w c:\documents and settings\Mike\Application Data\uTorrent
2009-01-20 09:51 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-20 09:51 22,328 ----a-w c:\documents and settings\Mike\Application Data\PnkBstrK.sys
2009-01-20 09:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 19:16 3,402 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-15 18:51 --------- d-----w c:\documents and settings\Mike\Application Data\LimeWire
2009-01-14 17:27 --------- d-----w c:\program files\Orbitdownloader
2009-01-13 20:50 --------- d-----w c:\documents and settings\Mike\Application Data\Vso
2009-01-12 16:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-12 16:46 --------- d-----w c:\program files\AGEIA Technologies
2009-01-11 16:47 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-09 06:08 --------- d-----w c:\program files\Yahoo!
2009-01-07 06:34 --------- d-----w c:\documents and settings\Mike\Application Data\GetRightToGo
2009-01-06 13:56 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-06 13:55 --------- d-----w c:\documents and settings\Mike\Application Data\SystemRequirementsLab
2009-01-06 09:20 --------- d-----w c:\program files\Sony
2009-01-03 03:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-02 08:06 --------- d-----w c:\program files\World of Warcraft
2008-12-28 08:19 --------- d-----w c:\documents and settings\Mike\Application Data\Electronic Arts
2008-12-25 03:00 --------- d-----w c:\program files\Microsoft Games
2008-12-24 03:42 --------- d-----w c:\program files\NCsoft
2008-12-18 18:18 --------- d-----w c:\program files\Bonjour
2008-12-18 18:17 --------- d-----w c:\program files\iTunes
2008-12-18 18:17 --------- d-----w c:\program files\iPod
2008-12-18 18:17 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 18:15 --------- d-----w c:\program files\QuickTime
2008-12-16 03:57 --------- d-----w c:\documents and settings\Mike\Application Data\Search Settings
2008-12-12 17:16 --------- d-----w c:\program files\LimeWire
2008-12-12 17:16 --------- d-----w c:\program files\FrostWire
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2008-12-10 19:06 --------- d-----w c:\program files\PixiePack Codec Pack
2008-12-10 19:03 --------- d-----w c:\program files\RapidSolution
2008-12-10 18:44 --------- d-----w c:\program files\Search Settings
2008-11-02 00:53 15,600 ----a-w c:\windows\gdrv.sys
2008-06-03 07:42 20,210 ----a-w c:\program files\Readme_uk.txt
2008-05-13 20:10 47,360 ----a-w c:\documents and settings\Mike\Application Data\pcouffin.sys
2008-04-15 20:15 88 --sh--r c:\documents and settings\All Users\Application Data\6326E0C4FA.sys
2008-02-14 18:28 29 ----a-w c:\program files\version.ini
2008-02-14 18:23 231,944 ----a-w c:\program files\gwflash.exe
2007-09-21 23:42 19,008 ----a-w c:\program files\markfun.a64
2007-08-21 23:49 17,912 ----a-w c:\program files\markfun.w32
2007-08-21 23:49 125,504 ----a-w c:\program files\MarkFunDrv.dll
2007-04-04 22:35 207,680 ----a-w c:\program files\updateutility.exe
2007-03-30 08:36 301 ----a-w c:\program files\update.ini
2007-03-02 08:48 240,448 ----a-w c:\program files\gwf32.exe
2006-11-24 03:47 207,680 ----a-w c:\program files\BIOS_Run.exe
2006-11-24 03:40 60,224 ----a-w c:\program files\HUADRV.DLL
2006-11-03 22:09 528 ----a-w c:\program files\CONFIG.INI
2005-04-27 23:40 6,800 ----a-w c:\program files\W95_HUA.vxd
2008-12-16 22:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"= "c:\program files\AOL\AIM Toolbar 5.0\aoltb.dll" [2008-03-07 1090912]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"= "c:\program files\Search Settings\kb127\SearchSettings.dll" [2008-06-12 1111904]

[HKEY_CLASSES_ROOT\clsid\{ea756889-2338-43db-8f07-d1ca6fb9c90d}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{371A6A18-2D6A-4DF8-A4AA-61CA349B3C70}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-06-12 16:57 1111904 --a------ c:\program files\Search Settings\kb127\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]
"Steam"="c:\program files\steam\steam.exe" [2009-01-08 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2008-04-26 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-06-09 547840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-11-29 1690824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 05:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-05 03:08 16380416 c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"z:\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"z:\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"z:\\RedFaction\\RedFaction.exe"=
"z:\\RedFaction\\rf.exe"=
"z:\\Sega\\Gas Powered Games\\Space Siege\\SpaceSiege.exe"=
"z:\\Sega\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Steam\\steamapps\\xboxmasta\\counter-strike source\\hl2.exe"=
"z:\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
"z:\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"z:\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\max payne 2 the fall of max payne\\maxpayne2.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\DOW2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"2052:UDP"= 2052:UDP:Windows Media Format SDK (gametap.exe)
"2053:UDP"= 2053:UDP:Windows Media Format SDK (gametap.exe)

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-06-02 86792]
R4 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-17 24652]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S4 RPCHE;Remote Procedure Call (RPCE);c:\program files\Common Files\Microsoft Shared\Speech\csvd.exe [2009-01-10 17238528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f64230c3-0a74-11dd-87f0-806d6172696f}]
\Shell\AutoRun\command - D:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{BBFB2FE5-131D-49F8-8BDD-EB3D145D961E} - c:\windows\system32\iifEvsss.dll
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\gnib6hbt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://kotaku.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\gnib6hbt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: z:\gametap\bin\Release\npgametaptool.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 22:27:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A958DB3C-0187-ED09-20F5-E4579CCA43B3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabblfiloighadojgf"=hex:6a,61,61,6f,63,61,70,6d,64,66,65,68,6c,6f,69,63,64,6b,
6a,70,00,f2
"hahbglpifhmlmfpp"=hex:6a,61,61,6f,63,61,70,6d,64,66,65,68,6c,6f,69,63,64,6b,
6a,70,00,f2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\WRLogonNTF.dll
.
--------------------- Other Running Processes ---------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-31 22:36:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-01 03:36:47

Pre-Run: 44,749,520,896 bytes free
Post-Run: 44,669,480,960 bytes free

400 --- E O F --- 2009-01-14 08:00:48



#10
January 31, 2009 at 19:57:09
Got rid of the misdirect but I'm still unable to download Malwarebytes. I also get the message when I boot up my computer

" Windows cannot find c:\program. Please make sure you typed the name correctly and then try again. To search for a file, click the Start button, and then click Search."



#11
February 1, 2009 at 08:46:26
Post a new Hijack This log please.


#12
February 1, 2009 at 09:24:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:52 PM, on 2/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7430 bytes

