Old 12-06-2008, 02:26 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Very slow startup plus malware/viruses

I am having two big problems with my computer but I'm not sure they are related. About a week and a half ago, while I was writing a paper on my laptop, it started to run very slowly and froze momentarily a few times. I checked Task Manager and saw a bunch of processes running I had never seen before, including ones I know are from viruses and other stuff. I ran some virus/spyware/adware scans and it seems to have gotten rid of some stuff, but it still does seem slow and my anti-virus program and spyware programs occasionally pop up saying they discovered spyware/virus. The other problem I am having is my computer is starting very slowly. At the Windows XP screen (with the green bar before the login screen) it takes like 3 minutes before it gets to the login screen, and then once I enter my password to log in it's about another 3 minutes or so before I can actually launch a program. The weird thing is this started after I lent my laptop to my friend so he could do a presentation. The computer was in hibernate (it also takes longer to hibernate now) and he said all he did was turn it on and use PowerPoint and shut it down when he was done. He didn't say he dropped it or anything like that, but could something like that even cause slow startup?


DDS (Version 1.0) - NTFSx86
Run by JustinN at 15:20:57.46 on Sat 12/06/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.510 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JustinN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\JustinN\Desktop\idm\crack\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JustinN\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://mlb.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {C5AF42A3-94F3-42BD-F434-3604832C897D} - c:\windows\system32\hsef73uhef.dll
TB: {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
TB: {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - c:\program files\netcraft toolbar\nctb.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\justinn\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IDMan] c:\documents and settings\justinn\desktop\idm\crack\IDMan.exe /onboot
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Amudihanofo] rundll32.exe "c:\windows\Sguviw.dll",e
mRun: [Ghova] rundll32.exe "c:\windows\onohelic.dll",e
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Download All Links with IDM - c:\documents and settings\justinn\desktop\idm\crack\IEGetAll.htm
IE: Download with IDM - c:\documents and settings\justinn\desktop\idm\crack\IEExt.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: ssqOHyWP - ssqOHyWP.dll
AppInit_DLLs: interceptor.dll,avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {C5AF42A3-94F3-42BD-F434-3604832C897D} - c:\windows\system32\hsef73uhef.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\window~4\MpShHook.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcYoPhi

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-22 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-13 26824]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-22 231704]
R2 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2006-7-25 162432]
R2 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2006-7-25 12032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-1-26 24652]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-10-5 13592]
S3 nenum13E;nenum13E;\??\c:\docume~1\justinn\locals~1\temp\nenum13E.sys []

=============== Created Last 30 ================


==================== Find3M ====================

2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 12:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-19 16:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-19 16:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 07:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 05:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-03-23 22:38 22,328 a------- c:\docume~1\justinn\applic~1\PnkBstrK.sys
2008-03-08 21:51 13,195 a------- c:\documents and settings\justinn\zguicfgw.dat
2007-04-13 15:41 159 a------- c:\program files\ImError.log
2007-04-13 15:31 27 a------- c:\program files\ips_uk.dat
2006-03-23 11:38 72 a------- c:\program files\CharSet.txt
2006-02-09 14:07 1,712,636 a------- c:\program files\WebSite.chm
2005-12-13 09:56 163 a------- c:\program files\PlugIn.ini
2005-12-12 16:15 2,174 a------- c:\program files\Models.ini
2005-09-19 10:48 3,262 a------- c:\program files\Impkcr.dat
2008-08-04 14:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 15:21:28.62 ===============
Attached Files
File Type: zip Attach.zip (32.3 KB, 4 views)
kbjustin is offline  

Old 12-06-2008, 07:37 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop but don't run it yet
Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
DDS::
BHO: {C5AF42A3-94F3-42BD-F434-3604832C897D} - c:\WINDOWS\system32\hsef73uhef.dll
mRun: [Amudihanofo] rundll32.exe "c:\WINDOWS\Sguviw.dll",e
mRun: [Ghova] rundll32.exe "c:\WINDOWS\onohelic.dll",e
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Notify: ssqOHyWP - ssqOHyWP.dll
STS: {C5AF42A3-94F3-42BD-F434-3604832C897D} - c:\WINDOWS\system32\hsef73uhef.dll
DRIVER::
nenum13E
FILE::
c:\documents and settings\justinn\zguicfgw.dat

Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.
sUBs is offline  
Old 12-08-2008, 06:04 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

Quick question: while following the instructions to install the Windows XP Recovery Console, I followed them and I saw a progress bar, but no prompt ever came up saying it was installed. At first it asked if I wanted to run ComboFix and I clicked yes, and after a few minutes it went straight to the prompt screen with a blue background. Is this what it's supposed to do?
kbjustin is offline  
Old 12-08-2008, 10:22 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Yes. Please allow it to continue. If ComboFix detects the Recovery Console isn't installed, it shall prompt you.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-09-2008, 01:22 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

I am having a bit of a problem. I followed the instructions and the scan completed, but it never said anything about a log and it said that it needed to reboot my computer. After a few minutes it started to reboot it, but it has been stuck at the "windows is shutting down" screen for about 15 minutes. Should I just shut off my laptop manually? Also, the scan ran without me dragging the txt file into ComboFix; it just started after it installed the Recovery Console.
kbjustin is offline  
Old 12-09-2008, 01:25 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Please reboot.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-09-2008, 03:55 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

ComboFix 08-12-07.04 - JustinN 2008-12-09 14:52:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.743 [GMT -5:00]
Running from: c:\documents and settings\JustinN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JustinN\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JustinN\Application Data\gadcom
c:\documents and settings\JustinN\Application Data\gadcom\gadcom.exe
c:\documents and settings\JustinN\Application Data\NI.GSCNS
c:\documents and settings\JustinN\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\JustinN\Application Data\NI.GSCNS\settings.ini
c:\documents and settings\JustinN\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcbu_32.exe
c:\windows\nohh06760.exe
c:\windows\system32\bszip.dll
c:\windows\system32\gs73gfidgf.dll
c:\windows\system32\hsef73uhef.dll
c:\windows\system32\ihPoYcfe.ini
c:\windows\system32\ihPoYcfe.ini2
c:\windows\system32\mcrh.tmp
c:\windows\system32\prunnet.exe
c:\windows\Tasks\tjowctrf.job

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-06 14:28 . 2008-12-06 14:28 250 --a------ c:\windows\gmer.ini
2008-12-04 00:16 . 2008-12-04 00:20 <DIR> d-------- C:\cygwin
2008-12-03 00:27 . 2008-12-03 00:27 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 00:27 . 2008-12-03 00:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3
2008-12-02 19:05 . 2008-12-02 19:05 142,848 --a------ c:\windows\onohelic.dll
2008-12-02 02:57 . 2008-12-02 02:57 103 --a------ c:\windows\wininit.ini
2008-12-02 00:20 . 2008-12-03 19:11 102,176 --a------ c:\windows\system32\cont_globaladsolution-remove.exe
2008-12-02 00:20 . 2008-12-02 00:20 54,265 --a------ c:\windows\c20232.exe
2008-12-02 00:19 . 2008-12-02 00:19 85,015 --a------ c:\windows\vtj708346.exe
2008-12-02 00:19 . 2008-12-02 00:19 38,144 --a------ C:\bflkwx.exe
2008-12-02 00:19 . 2008-12-02 00:19 24,576 --a------ c:\windows\Sguviw.dll
2008-12-02 00:18 . 2008-12-02 00:19 122,880 --a------ C:\fjdug.exe
2008-11-21 06:58 . 2008-11-24 01:08 <DIR> d-------- c:\program files\Full Tilt Poker
2008-11-12 09:12 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 09:10 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 18:35 --------- d-----w c:\documents and settings\JustinN\Application Data\DMCache
2008-12-08 20:42 --------- d-----w c:\documents and settings\JustinN\Application Data\U3
2008-11-26 07:13 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2008-11-21 11:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 03:21 --------- d--h--w c:\documents and settings\JustinN\Application Data\Move Networks
2008-11-17 04:59 --------- d-----w c:\program files\DivX
2008-11-16 09:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 00:14 --------- d-----w c:\program files\GameSpy Arcade
2008-11-13 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-13 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-03-24 03:38 22,328 ----a-w c:\documents and settings\JustinN\Application Data\PnkBstrK.sys
2008-03-09 02:51 13,195 ----a-w c:\documents and settings\JustinN\zguicfgw.dat
2007-04-13 20:41 159 ----a-w c:\program files\ImError.log
2007-04-13 20:31 27 ----a-w c:\program files\ips_uk.dat
2006-03-23 16:38 72 ----a-w c:\program files\CharSet.txt
2006-02-09 19:07 1,712,636 ----a-w c:\program files\WebSite.chm
2005-12-13 14:56 163 ----a-w c:\program files\PlugIn.ini
2005-12-12 21:15 2,174 ----a-w c:\program files\Models.ini
2005-11-27 22:45 4 ----a-w c:\documents and settings\Justin\FO933.DAT
2005-09-19 15:48 3,262 ----a-w c:\program files\Impkcr.dat
2008-08-04 19:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\JustinN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"IDMan"="c:\documents and settings\JustinN\Desktop\idm\crack\IDMan.exe" [2006-03-19 2289664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-11-10 598016]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Amudihanofo"="c:\windows\Sguviw.dll" [2008-12-02 24576]
"Ghova"="c:\windows\onohelic.dll" [2008-12-02 142848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=interceptor.dll,avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Konfabulator.lnk]
backup=c:\windows\pss\Konfabulator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Registration Prince of Persia Warrior Within.LNK]
backup=c:\windows\pss\Registration Prince of Persia Warrior Within.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Scheduler.lnk]
backup=c:\windows\pss\Scheduler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^X1.lnk]
backup=c:\windows\pss\X1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyCatcher Reminder

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 16:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]
--a------ 2004-09-27 06:09 106496 c:\program files\CA\eTrust PestPatrol\PPActiveDetection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2006-03-18 08:54 834560 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 08:50 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-09-10 12:13 208941 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-10 12:12 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2004-07-12 13:57 1265152 c:\program files\Acesoft\Tracks Eraser Pro\te.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Jnskdfmf9eldfd"=c:\docume~1\JustinN\LOCALS~1\Temp\csrssc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\myTunes Redux\\mDNSResponder.exe"=
"c:\\Documents and Settings\\JustinN\\Desktop\\idm\\crack\\IDMan.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\JustinN\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Autobahn\\mlb-nexdef-autobahn.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6881:TCP"= 6881:TCP:Torrent
"6881:UDP"= 6881:UDP:Torrent
"6882:TCP"= 6882:TCP:Torrent
"6882:UDP"= 6882:UDP:Torrent
"6883:TCP"= 6883:TCP:Torrent
"6883:UDP"= 6883:UDP:Torrent
"6884:TCP"= 6884:TCP:Torrent
"6884:UDP"= 6884:UDP:Torrent
"6885:TCP"= 6885:TCP:Torrent
"6885:UDP"= 6885:UDP:Torrent
"6886:TCP"= 6886:TCP:Torrent
"6886:UDP"= 6886:UDP:Torrent
"6887:TCP"= 6887:TCP:Torrent
"6887:UDP"= 6887:UDP:Torrent
"6888:TCP"= 6888:TCP:Torrent
"6888:UDP"= 6888:UDP:Torrent
"6889:TCP"= 6889:TCP:Torrent
"6889:UDP"= 6889:UDP:Torrent
"9336:TCP"= 9336:TCP:Torrent
"9336:UDP"= 9336:UDP:Torrent
"2346:TCP"= 2346:TCP:Lockdown
"2346:UDP"= 2346:UDP:Lockdown
"80:TCP"= 80:TCP:lockdown
"6667:UDP"= 6667:UDP:lockdown
"80:UDP"= 80:UDP:Lockdown
"1833:TCP"= 1833:TCP:apexdc++
"3702:UDP"= 3702:UDP:apexdc++

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-22 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 231704]
R2 ithsgt;ithsgt;c:\windows\system32\DRIVERS\ithsgt.sys [2006-07-25 162432]
R2 lilsgt;lilsgt;c:\windows\system32\DRIVERS\lilsgt.sys [2006-07-25 12032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-26 24652]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-10-05 13592]
S3 nenum13E;nenum13E;\??\c:\docume~1\JustinN\LOCALS~1\Temp\nenum13E.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{386988c5-b00f-11db-9664-001143753e42}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da43eba3-01be-11dd-99e9-001143753e42}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-09 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\JustinN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 00:12]

2008-11-14 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (KAPPERS-Stephanie).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11]

2008-12-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
.
- - - - ORPHANS REMOVED - - - -

Notify-jkhfd - (no file)
Notify-ssqOHyWP - ssqOHyWP.dll
MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe
MSConfigStartUp-LeechGet - c:\program files\LeechGet 2005\LeechGet.exe
MSConfigStartUp-Zinio DLM - c:\program files\Zinio\ZinioDeliveryManager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mlb.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All Links with IDM - c:\documents and settings\JustinN\Desktop\idm\crack\IEGetAll.htm
IE: Download with IDM - c:\documents and settings\JustinN\Desktop\idm\crack\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com

c:\windows\Downloaded Program Files\BFHPatcher.exe - c:\windows\Downloaded Program Files\westpatcher.dll
O16 -: {784797A8-342D-4072-9486-03C8D0F2F0A1}
hxxp://t1.battlefield-heroes.com/patcher/westpatcher.cab
c:\windows\Downloaded Program Files\westpatcher.inf

c:\windows\Downloaded Program Files\installer.ocx - O16 -: {82FFA573-38AA-482A-99AD-91F697B91631}
hxxp://www.file2you.net/applet.cab

c:\windows\Downloaded Program Files\CNICAT.ocx - O16 -: {C190FF32-96D0-445F-9F60-5CF288FD3D0F}
hxxps://resnet.verify.binghamton.edu:8443/registration/CAT/CNICAT.cab

c:\windows\system32\mfc42.dll - c:\windows\Downloaded Program Files\AFCStarter.ocx
O16 -: {F0320816-41D9-49DD-B2F3-8E7B0AE32796}
hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
c:\windows\Downloaded Program Files\AFCStarter.inf
FireFox -: Profile - c:\documents and settings\JustinN\Application Data\Mozilla\Firefox\Profiles\ctwxmeqx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nfl.com/
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\JustinN\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 15:56:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\UAService7.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-09 16:11:01 - machine was rebooted [JustinN]
ComboFix-quarantined-files.txt 2008-12-09 21:09:36

Pre-Run: 5,396,873,216 bytes free
Post-Run: 5,548,507,136 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

333 --- E O F --- 2008-12-08 20:54:18
kbjustin is offline  
Old 12-09-2008, 04:52 PM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/320859-very-slow-startup-plus-malware-viruses.html#post1848058
File::
c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (KAPPERS-Stephanie).job
Collect::
c:\windows\onohelic.dll
c:\windows\system32\cont_globaladsolution-remove.exe
c:\windows\c20232.exe
c:\windows\vtj708346.exe
C:\bflkwx.exe
c:\windows\Sguviw.dll
C:\fjdug.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amudihanofo"=-
"Ghova"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


---------------


In your next post, please include fresh logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________

Question - what have you done for the community today?
Old 12-09-2008, 11:37 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

I am having a problem with my Internet Explorer and therefore using Kaspersky. Most websites in IE are like this but I don't know why. I use Firefox so I have no idea when this problem started. Do you know how to fix this? I attached a screen capture of it.
Attached Images
File Type: bmp ie.bmp (1.44 MB, 12 views)
kbjustin is offline  
Old 12-10-2008, 05:57 AM   #10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

The image is blurry. What was it that you wanted me to see?
Old 12-10-2008, 09:14 AM   #11 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

Basically I can't see any of the things I need to click on. I feel like it has something to do with ActiveX but I really don't know. Where there should be links or pictures I see a white square with a red square, blue triangle and red circle inside of it.
kbjustin is offline  
Old 12-10-2008, 09:19 AM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Those may be changed via IE's settings.

Launch IE & go to Tools > Internet Options.
Under the 'Advanced' tab, you will find an entry listed as "Show Pictures".
Old 12-10-2008, 04:23 PM   #13 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

I attached the two logs you requested.

ComboFix 08-12-07.04 - JustinN 2008-12-09 20:15:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.653 [GMT -5:00]
Running from: c:\documents and settings\JustinN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JustinN\Desktop\CFScript.txt

FILE ::
c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (KAPPERS-Stephanie).job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bflkwx.exe
C:\fjdug.exe
c:\windows\c20232.exe
c:\windows\onohelic.dll
c:\windows\Sguviw.dll
c:\windows\system32\cont_globaladsolution-remove.exe
c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (KAPPERS-Stephanie).job
c:\windows\vtj708346.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-06 14:28 . 2008-12-06 14:28 250 --a------ c:\windows\gmer.ini
2008-12-04 00:16 . 2008-12-04 00:20 <DIR> d-------- C:\cygwin
2008-12-03 00:27 . 2008-12-03 00:27 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 00:27 . 2008-12-03 00:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3
2008-12-02 02:57 . 2008-12-02 02:57 103 --a------ c:\windows\wininit.ini
2008-11-21 06:58 . 2008-11-24 01:08 <DIR> d-------- c:\program files\Full Tilt Poker
2008-11-12 09:12 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 09:10 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 01:17 --------- d-----w c:\documents and settings\JustinN\Application Data\DMCache
2008-12-09 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 20:42 --------- d-----w c:\documents and settings\JustinN\Application Data\U3
2008-11-26 07:13 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2008-11-21 11:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 03:21 --------- d--h--w c:\documents and settings\JustinN\Application Data\Move Networks
2008-11-17 04:59 --------- d-----w c:\program files\DivX
2008-11-16 09:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 00:14 --------- d-----w c:\program files\GameSpy Arcade
2008-11-13 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-13 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-03-24 03:38 22,328 ----a-w c:\documents and settings\JustinN\Application Data\PnkBstrK.sys
2008-03-09 02:51 13,195 ----a-w c:\documents and settings\JustinN\zguicfgw.dat
2007-04-13 20:41 159 ----a-w c:\program files\ImError.log
2007-04-13 20:31 27 ----a-w c:\program files\ips_uk.dat
2006-03-23 16:38 72 ----a-w c:\program files\CharSet.txt
2006-02-09 19:07 1,712,636 ----a-w c:\program files\WebSite.chm
2005-12-13 14:56 163 ----a-w c:\program files\PlugIn.ini
2005-12-12 21:15 2,174 ----a-w c:\program files\Models.ini
2005-11-27 22:45 4 ----a-w c:\documents and settings\Justin\FO933.DAT
2005-09-19 15:48 3,262 ----a-w c:\program files\Impkcr.dat
2008-08-04 19:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_16.07.27.21 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\JustinN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"IDMan"="c:\documents and settings\JustinN\Desktop\idm\crack\IDMan.exe" [2006-03-19 2289664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-11-10 598016]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=interceptor.dll,avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Konfabulator.lnk]
backup=c:\windows\pss\Konfabulator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Registration Prince of Persia Warrior Within.LNK]
backup=c:\windows\pss\Registration Prince of Persia Warrior Within.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Scheduler.lnk]
backup=c:\windows\pss\Scheduler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^X1.lnk]
backup=c:\windows\pss\X1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 16:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]
--a------ 2004-09-27 06:09 106496 c:\program files\CA\eTrust PestPatrol\PPActiveDetection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2006-03-18 08:54 834560 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 08:50 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-09-10 12:13 208941 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-10 12:12 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2004-07-12 13:57 1265152 c:\program files\Acesoft\Tracks Eraser Pro\te.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\myTunes Redux\\mDNSResponder.exe"=
"c:\\Documents and Settings\\JustinN\\Desktop\\idm\\crack\\IDMan.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\JustinN\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Autobahn\\mlb-nexdef-autobahn.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6881:TCP"= 6881:TCP:Torrent
"6881:UDP"= 6881:UDP:Torrent
"6882:TCP"= 6882:TCP:Torrent
"6882:UDP"= 6882:UDP:Torrent
"6883:TCP"= 6883:TCP:Torrent
"6883:UDP"= 6883:UDP:Torrent
"6884:TCP"= 6884:TCP:Torrent
"6884:UDP"= 6884:UDP:Torrent
"6885:TCP"= 6885:TCP:Torrent
"6885:UDP"= 6885:UDP:Torrent
"6886:TCP"= 6886:TCP:Torrent
"6886:UDP"= 6886:UDP:Torrent
"6887:TCP"= 6887:TCP:Torrent
"6887:UDP"= 6887:UDP:Torrent
"6888:TCP"= 6888:TCP:Torrent
"6888:UDP"= 6888:UDP:Torrent
"6889:TCP"= 6889:TCP:Torrent
"6889:UDP"= 6889:UDP:Torrent
"9336:TCP"= 9336:TCP:Torrent
"9336:UDP"= 9336:UDP:Torrent
"2346:TCP"= 2346:TCP:Lockdown
"2346:UDP"= 2346:UDP:Lockdown
"80:TCP"= 80:TCP:lockdown
"6667:UDP"= 6667:UDP:lockdown
"80:UDP"= 80:UDP:Lockdown
"1833:TCP"= 1833:TCP:apexdc++
"3702:UDP"= 3702:UDP:apexdc++

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-22 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 231704]
R2 ithsgt;ithsgt;c:\windows\system32\DRIVERS\ithsgt.sys [2006-07-25 162432]
R2 lilsgt;lilsgt;c:\windows\system32\DRIVERS\lilsgt.sys [2006-07-25 12032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-26 24652]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-10-05 13592]
S3 nenum13E;nenum13E;\??\c:\docume~1\JustinN\LOCALS~1\Temp\nenum13E.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{386988c5-b00f-11db-9664-001143753e42}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da43eba3-01be-11dd-99e9-001143753e42}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\JustinN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 00:12]

2008-12-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11]

2008-12-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mlb.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All Links with IDM - c:\documents and settings\JustinN\Desktop\idm\crack\IEGetAll.htm
IE: Download with IDM - c:\documents and settings\JustinN\Desktop\idm\crack\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com

c:\windows\Downloaded Program Files\BFHPatcher.exe - c:\windows\Downloaded Program Files\westpatcher.dll
O16 -: {784797A8-342D-4072-9486-03C8D0F2F0A1}
hxxp://t1.battlefield-heroes.com/patcher/westpatcher.cab
c:\windows\Downloaded Program Files\westpatcher.inf

c:\windows\Downloaded Program Files\installer.ocx - O16 -: {82FFA573-38AA-482A-99AD-91F697B91631}
hxxp://www.file2you.net/applet.cab

c:\windows\Downloaded Program Files\CNICAT.ocx - O16 -: {C190FF32-96D0-445F-9F60-5CF288FD3D0F}
hxxps://resnet.verify.binghamton.edu:8443/registration/CAT/CNICAT.cab

c:\windows\system32\mfc42.dll - c:\windows\Downloaded Program Files\AFCStarter.ocx
O16 -: {F0320816-41D9-49DD-B2F3-8E7B0AE32796}
hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
c:\windows\Downloaded Program Files\AFCStarter.inf
FireFox -: Profile - c:\documents and settings\JustinN\Application Data\Mozilla\Firefox\Profiles\ctwxmeqx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nfl.com/
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\JustinN\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 20:34:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1120)
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\UAService7.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-12-09 20:53:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 01:51:45
ComboFix2.txt 2008-12-09 21:11:08

Pre-Run: 5,513,900,032 bytes free
Post-Run: 5,478,785,024 bytes free

298 --- E O F --- 2008-12-08 20:54:18


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 10, 2008 15:10:18
Records in database: 1450005
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
I:\

Scan statistics:
Files scanned: 121024
Threat name: 12
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 04:53:58


File name / Threat name / Threats count
C:\Documents and Settings\JustinN\Application Data\Sun\Java\Deployment\cache\6.0\55\265b8ef7-16c1a232 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\JustinN\Desktop\fp2006-final-3.00-setup.exe Infected: Hoax.JS.BadJoke.RJump 1
C:\found.000\dir0001.chk\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r 1
C:\Program Files\HTTP-Tunnel\uninstall.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.qe 1
C:\Qoobox\Quarantine\C\Documents and Settings\JustinN\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.aqyt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gs73gfidgf.dll.vir Infected: Trojan.Win32.Agent.artu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hsef73uhef.dll.vir Infected: Trojan.Win32.Agent.artu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir Infected: Trojan.Win32.VB.hfs 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan.Win32.Agent.asjd 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan-Dropper.Win32.VB.har 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: P2P-Worm.Win32.Small.au 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan.Win32.Agent.aram 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan-Downloader.Win32.Agent.aopb 1

The selected area was scanned.
Attached Files
File Type: txt kaspersky.txt (2.1 KB, 1 views)
File Type: txt ComboFix.txt (17.4 KB, 2 views)

Last edited by sUBs; 12-10-2008 at 11:46 PM.
kbjustin is offline  
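A triage of the Kaspersky report in the post above, as an added example that is not part of the thread: it parses the report rows, checks them against the report's own statistics, and separates detections sitting under C:\Qoobox\Quarantine (the ComboFix quarantine path mentioned earlier in the thread) from files detected elsewhere. The function names and the quarantine-prefix rule are assumptions made for this example.

```python
import re
from collections import defaultdict

# Statistics and detection rows copied from the Kaspersky report posted above.
REPORT = r"""
Scan statistics:
Files scanned: 121024
Threat name: 12
Infected objects: 13
Suspicious objects: 0

File name / Threat name / Threats count
C:\Documents and Settings\JustinN\Application Data\Sun\Java\Deployment\cache\6.0\55\265b8ef7-16c1a232 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\JustinN\Desktop\fp2006-final-3.00-setup.exe Infected: Hoax.JS.BadJoke.RJump 1
C:\found.000\dir0001.chk\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r 1
C:\Program Files\HTTP-Tunnel\uninstall.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.qe 1
C:\Qoobox\Quarantine\C\Documents and Settings\JustinN\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.aqyt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gs73gfidgf.dll.vir Infected: Trojan.Win32.Agent.artu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hsef73uhef.dll.vir Infected: Trojan.Win32.Agent.artu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir Infected: Trojan.Win32.VB.hfs 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan.Win32.Agent.asjd 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan-Dropper.Win32.VB.har 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: P2P-Worm.Win32.Small.au 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan.Win32.Agent.aram 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-09@20.15.zip Infected: Trojan-Downloader.Win32.Agent.aopb 1
"""

# Assumption for this example: anything under ComboFix's quarantine folder is
# treated as already contained; everything else still needs a decision.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# "<path> Infected: <threat> <count>"; the path may contain spaces.
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
STAT = re.compile(
    r"^(?P<name>Files scanned|Threat name|Infected objects|Suspicious objects):"
    r"\s*(?P<value>\d+)$"
)


def parse_report(text):
    """Return (stats, detections); detections are (path, threat, count) tuples."""
    stats, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT.match(line)
        if m:
            stats[m["name"]] = int(m["value"])
            continue
        m = ROW.match(line)
        if m:
            detections.append((m["path"], m["threat"], int(m["count"])))
    return stats, detections


def check_consistency(stats, detections):
    """Compare parsed rows with the report's own totals; return mismatches."""
    problems = []
    total = sum(count for _, _, count in detections)
    distinct = len({threat for _, threat, _ in detections})
    if stats.get("Infected objects") != total:
        problems.append(f"rows sum to {total}, header says {stats.get('Infected objects')}")
    if stats.get("Threat name") != distinct:
        problems.append(f"{distinct} distinct threats, header says {stats.get('Threat name')}")
    return problems


def triage(detections):
    """Group threat names per file, split by whether the file is in quarantine."""
    buckets = {"quarantined": defaultdict(list), "outside_quarantine": defaultdict(list)}
    for path, threat, _ in detections:
        in_quarantine = path.lower().startswith(QUARANTINE_PREFIX)
        key = "quarantined" if in_quarantine else "outside_quarantine"
        buckets[key][path].append(threat)
    return {name: dict(files) for name, files in buckets.items()}


if __name__ == "__main__":
    stats, detections = parse_report(REPORT)
    for problem in check_consistency(stats, detections):
        print("MISMATCH:", problem)
    for bucket, files in triage(detections).items():
        print(f"\n[{bucket}] {len(files)} file(s)")
        for path, threats in files.items():
            print(f"  {path}\n    -> {', '.join(threats)}")
```

A truncated or hand-edited report shows up as a mismatch between the parsed rows and the header totals before any cleanup decision is based on it.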
Old 12-10-2008, 11:59 PM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
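@echo off
rem Remove the log left by any previous run of this script.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Force-delete the two files flagged by the online scan; any file that
rem still exists afterwards is written to the log.
for %%g in (
"C:\Documents and Settings\JustinN\Application Data\Sun\Java\Deployment\cache\6.0\55\265b8ef7-16c1a232"
"C:\Documents and Settings\JustinN\Desktop\fp2006-final-3.00-setup.exe"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Remove the VundoFix backup folder and the Qoobox (ComboFix quarantine)
rem folder, logging any folder that could not be removed.
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Open the log in Notepad if anything survived, otherwise report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem Pause 7000 ms (needs nircmd on the PATH), then delete this script.
nircmd wait 7000
del %0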
Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on fix.bat & allow it to run.

Post back to tell me what it says
Old 12-11-2008, 01:45 PM   #15 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

The cmd screen came up and it said deleted successfully. One other thing I forgot to mention: I have some search engine called yoog search that keeps popping up as my search engine within Firefox. I can change it but every time I open Firefox it's set as the search engine.

Last edited by kbjustin; 12-11-2008 at 01:47 PM.
kbjustin is offline  
Old 12-11-2008, 01:50 PM   #16 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Delete your existing copy of DDS.
Then download a fresh copy & show me the logs it produces
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-11-2008, 02:11 PM   #17 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

DDS (Version 1.0.1) - NTFSx86
Run by JustinN at 16:08:15.56 on Thu 12/11/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.637 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JustinN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\JustinN\Desktop\idm\crack\IDMan.exe
C:\Documents and Settings\JustinN\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://mlb.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\documents and settings\justinn\desktop\idm\crack\IDMIECC.dll
TB: {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
TB: {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - c:\program files\netcraft toolbar\nctb.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\justinn\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IDMan] c:\documents and settings\justinn\desktop\idm\crack\IDMan.exe /onboot
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Download All Links with IDM - c:\documents and settings\justinn\desktop\idm\crack\IEGetAll.htm
IE: Download with IDM - c:\documents and settings\justinn\desktop\idm\crack\IEExt.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: interceptor.dll,avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\window~4\MpShHook.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\justinn\applic~1\mozilla\firefox\profiles\ctwxmeqx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.nfl.com/

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-22 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-13 26824]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-22 231704]
R2 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2006-7-25 162432]
R2 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2006-7-25 12032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-1-26 24652]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-10-5 13592]
S3 nenum13E;nenum13E;\??\c:\docume~1\justinn\locals~1\temp\nenum13E.sys []

=============== Created Last 30 ================


==================== Find3M ====================

2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 12:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-19 16:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-19 16:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 07:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-03-23 22:38 22,328 a------- c:\docume~1\justinn\applic~1\PnkBstrK.sys
2008-03-08 21:51 13,195 a------- c:\documents and settings\justinn\zguicfgw.dat
2007-04-13 15:41 159 a------- c:\program files\ImError.log
2007-04-13 15:31 27 a------- c:\program files\ips_uk.dat
2006-03-23 11:38 72 a------- c:\program files\CharSet.txt
2006-02-09 14:07 1,712,636 a------- c:\program files\WebSite.chm
2005-12-13 09:56 163 a------- c:\program files\PlugIn.ini
2005-12-12 16:15 2,174 a------- c:\program files\Models.ini
2005-09-19 10:48 3,262 a------- c:\program files\Impkcr.dat
2008-08-04 14:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 16:09:45.18 ===============
Attached Files
File Type: zip Attach.zip (4.7 KB, 2 views)
kbjustin is offline  
Old 12-11-2008, 04:42 PM   #18 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Quote:
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Your search engine is Google. Why do you say it's yoog?
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-11-2008, 05:02 PM   #19 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 110
OS: Windows XP


Re: Very slow startup plus malware/viruses

I saw that too, not sure why it says that. Whenever I launch Firefox, the search engine bar in the top right (the one built into Firefox) always says yoog search. Also, once in a while when I try to go to a real site, I get redirected to some random website or to the yoog site.
kbjustin is offline  
Old 12-11-2008, 06:27 PM   #20 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,492
OS: N/A


Re: Very slow startup plus malware/viruses

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
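@ECHO OFF
REM Path of the Firefox profile shown in the DDS log
SET "PFL_=c:\docume~1\justinn\applic~1\mozilla\firefox\profiles\ctwxmeqx.default"
REM Collect the .js and .cfg files from the Firefox program folder and the .js files from the profile; the result goes to temp00
VFIND -tf "%PROGRAMFILES%\Mozilla Firefox\*.js" "%PROGRAMFILES%\Mozilla Firefox\*.cfg" "%PFL_%\*.js" >temp00
REM Feed temp00 to ZIP.EXE to build For_sUBs.zip
TYPE temp00|ZIP.EXE -@Sq For_sUBs temp00
REM Remove the temporary file, then delete this batch file
DEL TEMP00
DEL %0
Save this as Dig.bat. Choose to "Save type as - All Files".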
It should look like this:
Double click on Dig.bat & allow it to run
It shall create a zipped file: For_sUBs.zip
Upload the file to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
__________________

Question - what have you done for the community today?
sUBs is offline  
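
Firefox preference files such as prefs.js and user.js in the profile, and .cfg files in the program folder, can carry search and homepage settings that a DDS summary does not show. The following is an added example, not part of the original posts or of any tool used in this thread, of how such files can be reviewed once collected. The watched pref names, the expected hosts and engine names, the sample file contents and the placeholder host search.example.invalid are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# user_pref() appears in prefs.js/user.js; pref/lockPref/defaultPref in .cfg files
PREF_RE = re.compile(
    r'^\s*(user_pref|pref|lockPref|defaultPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;?\s*$')
# Assumptions: prefs worth reviewing, and what this user expects to find in them
WATCHED = ("browser.search.", "keyword.URL", "browser.startup.homepage")
ENGINE_PREFS = {"browser.search.selectedEngine", "browser.search.defaultenginename"}
EXPECTED_HOSTS = {"www.google.com", "www.nfl.com"}
EXPECTED_ENGINES = {"Google"}
# Constructed sample contents, not taken from the thread's attachments
SAMPLE = {
    "prefs.js": '''
user_pref("browser.search.defaulturl", "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
user_pref("browser.startup.homepage", "http://www.nfl.com/");
user_pref("browser.search.selectedEngine", "yoog search");
''',
    "user.js": '''
user_pref("keyword.URL", "http://search.example.invalid/?q=");
''',
}

def parse_prefs(text):
    """Yield (function, name, value) for every pref call in a file's text."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).strip('"')

def review(files):
    """Return (file, pref, reasons) for watched prefs that need a human look."""
    findings = []
    for fname, text in files.items():
        for func, name, value in parse_prefs(text):
            if not name.startswith(WATCHED):
                continue
            reasons = []
            host = urlparse(value).hostname  # None for non-URL values
            if host and host not in EXPECTED_HOSTS:
                reasons.append("unexpected host " + host)
            if name in ENGINE_PREFS and value not in EXPECTED_ENGINES:
                reasons.append("unexpected engine name")
            if fname.lower() == "user.js" or func == "lockPref":
                reasons.append("re-applied at every start")
            if reasons:
                findings.append((fname, name, "; ".join(reasons)))
    return findings

if __name__ == "__main__": print(*review(SAMPLE), sep="\n")
```

A setting that keeps coming back after the user changes it is the pattern the last check looks for: values in user.js, or locked from a .cfg file, are applied again each time Firefox starts.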
 

