#1
Registered User
Join Date: Nov 2009
Posts: 1
OS: xp, sp3
spyware/malware issues...theprizeday.com
so, I have run combofix, regcure, superantispyware, and Malwarebytes, and avg... I still have popups, and when I start mozilla/firefox it brings up my homepage and a separate webpage that starts out as www.theprizeday.com then changes to www.hotebar.com
here are my logs from combofix and hijack this:

any help would be appreciated!!!