hi Mark,
And many thanks for your quick response. Much appreciated.
I ran ComboFix, and this is what is in the log file ->
ComboFix 09-06-26.02 - Dike 28/06/2009 2:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1270.932 [GMT 1:00]
Running from: c:\documents and settings\Dike\Desktop\Combo-Fix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dike\Application Data\inst.exe
c:\documents and settings\Dike\Local Settings\Temporary Internet Files\firmware.inf
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\gxvxcsnokylkjbocpxujcvvbddnsvaiwgpptj.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcwcvejecxljgoanmpwowykxmnxdqeocdw.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.
2009-06-27 01:59 . 2009-06-27 01:59 -------- d-----w- c:\documents and settings\Dike\Local Settings\Application Data\Opera
2009-06-25 23:14 . 2009-06-25 23:14 -------- d-----w- c:\program files\Trend Micro
2009-06-25 22:23 . 2009-06-25 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-06-25 22:23 . 2009-06-25 22:23 -------- d-----w- c:\program files\ParetoLogic
2009-06-25 22:18 . 2009-06-25 22:18 -------- d-----w- c:\documents and settings\Susy\Local Settings\Application Data\Opera
2009-06-25 21:20 . 2009-06-25 21:20 -------- d-----w- c:\documents and settings\Dike\Application Data\GlarySoft
2009-06-17 23:17 . 2009-06-24 23:51 -------- d-----w- c:\documents and settings\Dike\Local Settings\Application Data\MediaMonkey
2009-06-17 23:17 . 2009-06-17 23:18 -------- d-----w- c:\program files\MediaMonkey
2009-05-31 18:00 . 2009-05-31 18:31 -------- d-----w- c:\program files\PKR
2009-05-31 09:58 . 2009-06-15 16:38 -------- d-----w- c:\documents and settings\Dike\Application Data\Spotify
2009-05-31 09:58 . 2009-05-31 09:59 -------- d-----w- c:\documents and settings\Dike\Local Settings\Application Data\Spotify
2009-05-31 09:58 . 2009-05-31 09:58 -------- d-----w- c:\program files\Spotify
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 01:35 . 2008-03-18 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-27 12:13 . 2008-10-02 11:19 -------- d-----w- c:\documents and settings\Dike\Application Data\Affinegy
2009-06-25 22:18 . 2007-10-27 19:58 -------- d-----w- c:\program files\Opera
2009-06-25 00:45 . 2009-04-20 22:22 -------- d-----w- c:\documents and settings\Dike\Application Data\TeraCopy
2009-06-14 14:56 . 2008-10-25 19:41 -------- d-----w- c:\documents and settings\Susy\Application Data\Affinegy
2009-06-06 01:16 . 2007-12-01 16:56 52168 ----a-w- c:\documents and settings\Susy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 20:25 . 2009-05-18 18:28 1 ----a-w- c:\documents and settings\Dike\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 00:03 . 2008-01-15 23:56 52168 ----a-w- c:\documents and settings\Dike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 00:03 . 2009-05-21 00:03 -------- d-----w- c:\program files\Avery
2009-05-18 18:26 . 2009-05-18 18:26 -------- d-----w- c:\documents and settings\Dike\Application Data\OpenOffice.org
2009-05-18 18:22 . 2009-05-18 18:22 -------- d-----w- c:\program files\JRE
2009-05-18 18:22 . 2009-05-18 18:22 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-18 18:21 . 2009-05-18 18:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 18:21 . 2007-10-20 00:35 -------- d-----w- c:\program files\Java
2009-05-05 19:23 . 2008-01-08 01:17 -------- d-----w- c:\documents and settings\Dike\Application Data\CyberLink
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-22 23:18 . 2009-01-21 19:54 47360 ----a-w- c:\documents and settings\Dike\Application Data\pcouffin.sys
2009-04-22 23:18 . 2009-01-21 19:54 47360 ----a-w- c:\documents and settings\Dike\Application Data\pcouffin.sys
2009-01-06 18:13 . 2007-10-20 11:44 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-06 18:13 . 2007-10-20 11:44 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-06 18:13 . 2007-10-20 11:44 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-06 18:13 . 2007-10-20 11:44 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-06 18:13 . 2007-10-20 11:44 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Google Update"="c:\documents and settings\Dike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-15 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-15 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"B'sCLiP"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2005-11-30 700416]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DisplayManager"="c:\program files\Samsung\DisplayManager\DMLoader.exe" [2005-11-16 356352]
"AVStation Premium 3.75"="c:\program files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-04-27 155648]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-06-20 2764800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Dike\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-9-19 581693]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2006-10-11 94208]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\Dike\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [20/10/2007 01:51 10368]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [20/10/2007 01:51 164480]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [20/10/2007 01:55 4300]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [28/05/2005 08:35 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [28/11/2005 12:06 31744]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [28/11/2005 12:06 19456]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [04/08/2004 13:00 5120]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [28/12/2008 23:31 19840]
.
Contents of the 'Scheduled Tasks' folder
2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-606747145-682003330-1003.job
- c:\documents and settings\Dike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 20:13]
2009-06-25 c:\windows\Tasks\ParetoLogic Anti-Spyware.job
- c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2006-10-11 17:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Dike\Application Data\Mozilla\Firefox\Profiles\pl34ofi7.default\
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-28 02:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband\PCguard\Fws.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Samsung\MagicKBD\MagicKBD.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Virgin Broadband\PCguard\rpsupdaterR.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-28 2:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 01:37
Pre-Run: 13,270,016,000 bytes free
Post-Run: 14,644,486,144 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
242 --- E O F --- 2009-04-14 23:46
Let me know if there is anything else you need me to do.