Old 05-17-2009, 01:52 AM   #1 (permalink)
Registered User
 
Join Date: Mar 2009
Location: PA
Posts: 149
OS: Windows 7 x64 Home Premium


system locked out of internet, no antiviruses will run

Here's my story. A while back I purchased the Diablo II Battle Chest from a local Walmart and never got around to doing anything with it. Yesterday I was excited to get a chance to install and play. One problem: I open it up and there are none of the case sleeves with the serials on them. So either an employee has sticky fingers and/or they have terrible security and a customer stole it. Regardless, I call the store and they tell me sorry, I'm SOL, they can't do anything. So I decided my last resort would be to go serial hunting; I figured I legally purchased the game, so it shouldn't matter about the serial. This is where I get stupid. Against every bone in my body I download an .exe file. I scan it with Spybot and AVG; it shows "clean." So I kick myself and run it, then everything goes to hell. I couldn't connect to the web, and Spybot won't show up even though it shows in the process list. AVG runs, thankfully, and was able to quarantine some things, and I gained web access again so I could post here. Spybot is still not running even though it says it is. As I am typing I ran DDS and now GMER. GMER is taking forever, so I will just post the DDS.txt below here for now. Once it finishes I will upload the .zip. Also, today (5-17) I'm leaving for a trip; I will be back on 5-20.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 2:50:55.22 on Sun 05/17/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1127 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iTunesControl\iTunesCtl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FrostWire SpeedUp Pro\FrostWire SpeedUp Pro.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HostManager] c:\program files\common files\aol\1131383480\ee\AOLSoftware.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} - hxxp://pumpeng.musicshake.com/NewDownload/engmusicshake.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193974951981
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 85.255.112.159,85.255.112.16
TCP: {B727EDF1-6F53-4FB3-9B2F-A2D455A04561} = 85.255.112.159,85.255.112.16
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\iq2qy2i1.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-7 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-7 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-7 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-7 108552]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-7 353672]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-7 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-7 298776]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-29 935208]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate1c90feaf416aaf0;Google Update Service (gupdate1c90feaf416aaf0);c:\program files\google\update\GoogleUpdate.exe [2008-9-6 133104]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-5-12 603904]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-4-10 62794]
S3 MAC607;MAC607 Filter;c:\windows\system32\drivers\MAC607.sys [2008-3-16 23808]
S3 XBox;XBox Filter;c:\windows\system32\drivers\Xbox.sys [2008-3-16 23936]

=============== Created Last 30 ================

2009-05-17 02:04 815,104 a------- c:\windows\system32\xvidcore.dll
2009-05-17 02:04 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-05-17 02:04 77,824 a------- c:\windows\system32\xvid.ax
2009-05-17 02:04 <DIR> --d----- c:\program files\Xvid
2009-05-17 01:53 3,532 a------- C:\drmHeader.bin
2009-05-16 02:58 386 ---shr-- C:\autorun.inf
2009-05-15 22:30 <DIR> --d----- c:\docume~1\owner\applic~1\Hoyle FaceCreator
2009-05-15 22:30 <DIR> --d----- c:\docume~1\owner\applic~1\Hoyle Puzzle and Board Games
2009-05-15 21:41 <DIR> --d----- c:\program files\Encore
2009-05-15 14:42 <DIR> --d----- c:\program files\VirtualDJ
2009-05-15 14:38 <DIR> --d----- c:\program files\Free Fire Screensaver
2009-05-15 14:37 <DIR> --d----- c:\docume~1\owner\applic~1\Laconic Software
2009-05-15 03:01 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-05-15 03:01 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-05-15 01:00 <DIR> --d----- c:\program files\FrostWire SpeedUp Pro
2009-05-15 00:49 <DIR> --d----- c:\program files\EZ Boosters
2009-05-14 19:55 <DIR> --d----- c:\program files\PeerGuardian2
2009-05-14 19:45 89,184 a------- c:\windows\system32\drivers\imagedrv.sys
2009-05-14 19:45 57,344 a------- c:\windows\system32\ImageDrive.cpl
2009-05-14 19:45 569,344 a------- c:\windows\system32\imagr5.dll
2009-05-14 19:45 544,768 a------- c:\windows\system32\imagx5.dll
2009-05-14 19:45 283,920 a------- c:\windows\system32\ImagXpr5.dll
2009-05-14 19:45 38,912 a------- c:\windows\system32\picn20.dll
2009-05-14 19:45 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-05-14 02:52 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-05-14 02:52 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-05-14 02:52 28,672 a------- c:\windows\system32\mousewheel.ocx
2009-05-13 21:16 <DIR> --d----- c:\program files\FixTunes
2009-05-13 20:58 <DIR> --d----- c:\program files\TuneUpMedia
2009-05-13 20:57 <DIR> --d----- c:\docume~1\owner\applic~1\TuneUpMedia
2009-05-13 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUpMedia
2009-05-12 15:53 <DIR> --d----- c:\program files\FrostWire
2009-05-12 03:18 <DIR> --d-h--- c:\windows\Icons
2009-05-12 02:47 2,328,704 a------- c:\windows\system32\TUKernel.exe
2009-05-12 01:54 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-05-12 01:54 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-05-12 01:54 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-05-12 01:54 <DIR> --d----- c:\docume~1\owner\applic~1\TuneUp Software
2009-05-12 01:53 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-05-12 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-05-12 01:52 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-11 23:20 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-11 19:03 <DIR> --d----- c:\program files\Vista Drive Icon
2009-05-10 02:51 117,248 a------- c:\windows\system32\ribbons.scr
2009-05-10 02:51 117,248 a------- c:\windows\system32\Mystify.scr
2009-05-10 02:50 773,120 a------- c:\windows\system32\bubbles.scr
2009-05-10 02:50 1,263,616 a------- c:\windows\system32\aurora.scr
2009-05-10 01:14 <DIR> --d----- c:\program files\IconPhile
2009-05-10 00:55 <DIR> --d----- c:\docume~1\owner\applic~1\Styler
2009-05-10 00:44 <DIR> --d----- c:\program files\Styler
2009-05-10 00:29 218,624 a------- c:\windows\system32\uxtheme.uxtender
2009-05-09 21:12 <DIR> --d----- c:\windows\system32\briblo dir
2009-05-09 20:53 532,480 a------- c:\windows\system32\FLIQLO.scr
2009-05-09 20:53 <DIR> --d----- c:\windows\system32\FLIQLO dir
2009-05-09 19:44 <DIR> --d----- c:\program files\Stardock
2009-05-09 18:08 <DIR> --d----- c:\docume~1\owner\applic~1\Bump Technologies, Inc
2009-05-09 16:01 46 a------- c:\windows\system32\DonationCoder_desktopcoral_InstallInfo.dat
2009-05-09 16:01 <DIR> --d----- c:\docume~1\owner\applic~1\DonationCoder
2009-05-09 03:08 <DIR> --d----- c:\program files\LightScribe Template Labeler
2009-05-09 03:05 <DIR> --d----- c:\docume~1\owner\applic~1\Canneverbe_Limited
2009-05-08 20:05 <DIR> --d----- c:\program files\TrueTransparency
2009-05-08 19:51 <DIR> --d----- c:\program files\RocketDock
2009-05-08 18:39 <DIR> --d----- c:\docume~1\owner\applic~1\UBitMenu
2009-05-08 17:15 <DIR> --d----- c:\program files\CCleaner
2009-05-08 17:11 <DIR> --d----- c:\program files\VS Revo Group
2009-05-08 01:50 <DIR> --d----- c:\docume~1\owner\applic~1\iTunesControl
2009-05-08 01:50 <DIR> --d----- c:\program files\iTunesControl
2009-05-07 18:52 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-07 18:52 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-05-07 18:52 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-05-07 18:52 <DIR> --d----- c:\program files\Zone Labs
2009-05-07 18:52 350,192 a------- c:\windows\system32\vsconfig.xml
2009-05-07 18:49 <DIR> --d----- c:\windows\Internet Logs
2009-05-07 18:29 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 18:29 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 18:29 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-05-07 18:29 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-07 18:29 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-07 18:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-07 16:55 <DIR> --d----- c:\docume~1\owner\applic~1\Launchy
2009-05-05 02:04 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-05-01 10:59 <DIR> --d----- c:\program files\iTunes
2009-05-01 10:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 16:35 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-04-29 16:10 32,592 a------- c:\windows\system32\msonpmon.dll
2009-04-28 18:24 <DIR> --d----- c:\program files\AutoCAD 2009
2009-04-28 18:10 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-04-28 18:08 <DIR> --d----- c:\program files\common files\Autodesk Shared
2009-04-28 18:08 <DIR> --d----- c:\program files\Autodesk
2009-04-28 18:08 <DIR> --d----- c:\docume~1\owner\applic~1\Autodesk

==================== Find3M ====================

2009-05-10 00:29 218,624 a------- c:\windows\system32\uxtheme.dll
2009-04-12 09:04 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-06 01:06 286,720 -------- c:\windows\Setup1.exe
2009-03-31 21:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2008-05-08 13:06 284 ac------ c:\docume~1\owner\applic~1\wklnhst.dat
2008-04-13 20:12 60,416 ac-sh--- c:\windows\bricopacks\sysfiles\80_msimn.exe
2008-08-31 22:29 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 2:51:58.87 ===============
botbry is offline  
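A small triage script for the DDS log posted above, added here as an example and not part of the thread: it parses the "Created Last 30" file list and the "TCP: NameServer" lines, narrows the file list to the day the poster says the download ran, and flags hidden+system files in a drive root and DNS servers outside an allow-list. The sample lines are a subset copied from the log, and the DNS allow-list (192.168.1.1) is a constructed placeholder for the real router/ISP resolvers.

```python
"""Triage helper for a DDS.txt log (added example, not part of the thread):
parse the 'Created Last 30' file list and the 'TCP: NameServer' lines,
then flag the items an analyst would want to look at first."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, Optional

# Constructed sample: a subset of lines copied from the DDS log posted above.
SAMPLE_DDS = [
    r"uStart Page = hxxp://www.google.com/",
    r"TCP: NameServer = 85.255.112.159,85.255.112.16",
    r"TCP: {B727EDF1-6F53-4FB3-9B2F-A2D455A04561} = 85.255.112.159,85.255.112.16",
    r"=============== Created Last 30 ================",
    r"2009-05-17 02:04 815,104 a------- c:\windows\system32\xvidcore.dll",
    r"2009-05-17 01:53 3,532 a------- C:\drmHeader.bin",
    r"2009-05-16 02:58 386 ---shr-- C:\autorun.inf",
    r"2009-05-15 22:30 <DIR> --d----- c:\docume~1\owner\applic~1\Hoyle FaceCreator",
    r"2009-05-14 19:55 <DIR> --d----- c:\program files\PeerGuardian2",
    r"==================== Find3M ====================",
]

# File-list line: timestamp, size (or <DIR>), 8-char attribute field, path.
# Attribute letters as they appear in the log: a=archive c=compressed
# d=directory s=system h=hidden r=read-only; '-' means the bit is clear.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+?)\s*$")
NS_RE = re.compile(r"^TCP:\s+(NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # e.g. C:\autorun.inf

@dataclass
class Entry:
    created: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs

def parse_created_entries(lines: Iterable[str]) -> list:
    """Return the entries of the 'Created Last 30' section only."""
    entries, in_section = [], False
    for line in lines:
        if "Created Last 30" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):  # next section header
            break
        m = ENTRY_RE.match(line) if in_section else None
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
                             None if size == "<DIR>" else int(size.replace(",", "")),
                             attrs, path))
    return entries

def parse_nameservers(lines: Iterable[str]) -> dict:
    """Map 'NameServer' and each interface GUID to its configured DNS servers."""
    found = {}
    for line in lines:
        m = NS_RE.match(line)
        if m:
            found[m.group(1)] = [ip.strip() for ip in m.group(2).split(",") if ip.strip()]
    return found

def root_hidden_system_files(entries: Iterable[Entry]) -> list:
    """Non-directory entries marked system+hidden in a drive root (the
    autorun.inf pattern); these deserve a manual look before anything else."""
    return [e.path for e in entries
            if not e.is_dir and e.hidden_system and ROOT_FILE_RE.match(e.path)]

def created_between(entries: Iterable[Entry], start: str, end: str) -> list:
    """Entries created on or after `start` and before `end` (YYYY-MM-DD), so the
    30-day list can be narrowed to the window the user actually reported."""
    lo, hi = (datetime.strptime(d, "%Y-%m-%d") for d in (start, end))
    return [e for e in entries if lo <= e.created < hi]

def unexpected_nameservers(ns_map: dict, allowed: set) -> set:
    """DNS servers on any interface that are not in the allow-list (the ISP's
    or router's resolvers). Each address returned has to be accounted for."""
    return {ip for ips in ns_map.values() for ip in ips if ip not in allowed}

if __name__ == "__main__":
    # The poster said the download ran "yesterday" relative to 17 May 2009;
    # the DNS allow-list is a constructed placeholder for the router/ISP resolvers.
    entries = parse_created_entries(SAMPLE_DDS)
    print("root hidden+system:", root_hidden_system_files(entries))
    print("created 16 May:", [e.path for e in created_between(entries, "2009-05-16", "2009-05-17")])
    print("unexpected DNS:", sorted(unexpected_nameservers(parse_nameservers(SAMPLE_DDS), {"192.168.1.1"})))
```

Run it against a full DDS.txt by reading the file into a list of lines in place of SAMPLE_DDS; the flags are prompts for manual review, not verdicts.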
Old 05-17-2009, 02:10 AM   #2 (permalink)
Registered User
 
Join Date: Mar 2009
Location: PA
Posts: 149
OS: Windows 7 x64 Home Premium


Re: system locked out of internet, no antiviruses will run

here is the .zip
Attached Files
File Type: zip ark.zip (6.7 KB, 3 views)
botbry is offline  
Old 05-17-2009, 06:28 PM   #3 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,440
OS: XP SP3


Re: system locked out of internet, no antiviruses will run

Hello and welcome to TSF.

Please be informed that one or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

========================

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

  • IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    To disable AVG:

    Please open the AVG 8 Control Center by right clicking on the AVG 8 icon on the task bar.

    * Click on Tools.
    * Select Advanced Settings.
    * In the left hand pane, scroll down to "Resident Shield".
    * In the main pane, deselect the option to "Enable Resident Shield."
    * To re-enable AVG 8 later, please select "Enable Resident Shield" again.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-----------------------------------
Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 05-21-2009, 07:58 PM   #4 (permalink)
Registered User
 
Join Date: Mar 2009
Location: PA
Posts: 149
OS: Windows 7 x64 Home Premium


Re: system locked out of internet, no antiviruses will run

I hope you get my PM and reopen this, because I had stated I would be on a trip and not have access to my computer. So here is the ComboFix log, just in case.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 09-05-21.01 - Owner 05/21/2009 21:21.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1401 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\90fc5d76-97ca-4672-8bac-83b4c07a141b.ocx
c:\windows\system32\106c9aad-626d-444d-8ae2-ea706d4f42c6.dll
c:\windows\system32\drivers\gxvxcqyoyupugvrrfwfngwfodrgytrqstkvlu.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcjtgebixkmwntppelkijovmcxocugmndk.dll
D:\Autorun.inf
D:\Desktop.ini
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-17 06:04 . 2009-05-17 06:04 -------- d-----w c:\program files\Xvid
2009-05-17 06:04 . 2008-12-05 01:46 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-17 06:04 . 2008-12-05 01:42 815104 ----a-w c:\windows\system32\xvidcore.dll
2009-05-17 05:53 . 2009-05-17 06:04 3532 ----a-w C:\drmHeader.bin
2009-05-16 02:30 . 2009-05-18 02:42 -------- d-----w c:\documents and settings\Owner\Application Data\Hoyle FaceCreator
2009-05-16 02:30 . 2009-05-21 18:18 -------- d-----w c:\documents and settings\Owner\Application Data\Hoyle Puzzle and Board Games
2009-05-16 01:41 . 2009-05-16 01:41 -------- d-----w c:\program files\Encore
2009-05-15 18:42 . 2009-05-15 19:03 -------- d-----w c:\program files\VirtualDJ
2009-05-15 18:38 . 2009-05-15 18:38 -------- d-----w c:\program files\Free Fire Screensaver
2009-05-15 18:37 . 2009-05-15 18:37 -------- d-----w c:\documents and settings\Owner\Application Data\Laconic Software
2009-05-15 07:01 . 2008-05-06 06:01 45056 ----a-w c:\windows\system32\WNASPI32.DLL
2009-05-15 07:01 . 2008-05-06 06:01 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS
2009-05-14 23:55 . 2009-05-22 01:04 -------- d-----w c:\program files\PeerGuardian2
2009-05-14 23:45 . 2003-03-29 20:45 89184 ----a-w c:\windows\system32\drivers\imagedrv.sys
2009-05-14 23:45 . 2001-07-06 22:24 283920 ----a-w c:\windows\system32\ImagXpr5.dll
2009-05-14 23:45 . 2001-07-06 18:41 569344 ----a-w c:\windows\system32\imagr5.dll
2009-05-14 23:45 . 2001-07-06 16:44 544768 ----a-w c:\windows\system32\imagx5.dll
2009-05-14 23:45 . 2001-06-26 12:15 38912 ----a-w c:\windows\system32\picn20.dll
2009-05-14 23:45 . 2001-07-09 15:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-14 17:36 . 2009-05-14 17:36 -------- d-----w c:\program files\Windows Sidebar
2009-05-14 12:24 . 2009-05-08 21:35 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-14 12:24 . 2009-05-08 21:35 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-14 12:24 . 2009-05-08 21:35 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-14 12:24 . 2009-05-08 21:35 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-14 12:24 . 2009-05-08 21:35 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-14 12:24 . 2009-05-08 21:35 1262880 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-05-14 12:24 . 2009-05-08 21:35 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-14 06:52 . 2003-01-26 17:41 40960 ----a-w c:\windows\system32\ssubtmr6.dll
2009-05-14 01:16 . 2009-05-14 01:17 -------- d-----w c:\program files\FixTunes
2009-05-14 00:58 . 2009-05-14 01:43 -------- d-----w c:\program files\TuneUpMedia
2009-05-14 00:57 . 2009-05-14 01:45 -------- d-----w c:\documents and settings\Owner\Application Data\TuneUpMedia
2009-05-14 00:57 . 2009-05-14 01:45 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-05-12 07:18 . 2009-05-12 18:52 -------- d--h--w c:\windows\Icons
2009-05-12 06:47 . 2009-05-12 07:24 2328704 ----a-w c:\windows\system32\TUKernel.exe
2009-05-12 05:54 . 2009-05-12 05:54 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-12 05:54 . 2008-12-11 17:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-12 05:54 . 2009-05-12 05:54 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-12 05:54 . 2009-05-12 05:54 -------- d-----w c:\documents and settings\Owner\Application Data\TuneUp Software
2009-05-12 05:53 . 2009-05-12 05:53 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-12 05:53 . 2009-05-12 05:53 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-12 05:52 . 2009-05-12 05:52 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-12 03:20 . 2009-05-18 13:05 -------- d--h--w C:\$AVG8.VAULT$
2009-05-11 23:03 . 2009-05-11 23:03 -------- d-----w c:\program files\Vista Drive Icon
2009-05-11 21:33 . 2009-05-11 22:18 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\K-Meleon
2009-05-11 16:15 . 2009-05-11 16:15 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Opera
2009-05-10 06:51 . 2006-03-01 09:21 117248 ----a-w c:\windows\system32\ribbons.scr
2009-05-10 06:51 . 2006-03-03 18:42 117248 ----a-w c:\windows\system32\Mystify.scr
2009-05-10 06:50 . 2006-03-01 08:53 773120 ----a-w c:\windows\system32\bubbles.scr
2009-05-10 06:50 . 2006-03-01 09:21 1263616 ----a-w c:\windows\system32\aurora.scr
2009-05-10 05:14 . 2009-05-10 05:14 -------- d-----w c:\program files\IconPhile
2009-05-10 04:55 . 2009-05-10 06:21 -------- d-----w c:\documents and settings\Owner\Application Data\Styler
2009-05-10 04:44 . 2009-05-10 06:20 -------- d-----w c:\program files\Styler
2009-05-10 01:12 . 2009-05-13 04:47 -------- d-----w c:\windows\system32\briblo dir
2009-05-10 00:53 . 2009-05-10 01:31 -------- d-----w c:\windows\system32\FLIQLO dir
2009-05-10 00:53 . 2009-05-10 00:53 532480 ----a-w c:\windows\system32\FLIQLO.scr
2009-05-09 23:44 . 2009-05-09 23:44 -------- d-----w c:\program files\Stardock
2009-05-09 22:09 . 2009-05-09 22:09 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Bump Technologies, Inc
2009-05-09 22:08 . 2009-05-09 22:08 -------- d-----w c:\documents and settings\Owner\Application Data\Bump Technologies, Inc
2009-05-09 20:01 . 2009-05-09 20:01 46 ----a-w c:\windows\system32\DonationCoder_desktopcoral_InstallInfo.dat
2009-05-09 20:01 . 2009-05-09 20:01 46 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
2009-05-09 20:01 . 2009-05-09 20:01 -------- d-----w c:\documents and settings\Owner\Application Data\DonationCoder
2009-05-09 07:08 . 2009-05-09 07:08 -------- d-----w c:\program files\LightScribe Template Labeler
2009-05-09 07:07 . 2009-05-09 07:07 -------- d-----w c:\program files\Common Files\LightScribe
2009-05-09 07:05 . 2009-05-09 07:05 -------- d-----w c:\documents and settings\Owner\Application Data\Canneverbe_Limited
2009-05-09 07:05 . 2009-05-09 07:05 -------- d-----w c:\program files\CDBurnerXP
2009-05-09 00:05 . 2009-05-09 22:53 -------- d-----w c:\program files\TrueTransparency
2009-05-08 23:51 . 2009-05-09 18:10 -------- d-----w c:\program files\RocketDock
2009-05-08 22:39 . 2009-05-08 22:39 -------- d-----w c:\documents and settings\Owner\Application Data\UBitMenu
2009-05-08 22:39 . 2009-05-08 22:38 695642 ----a-w c:\documents and settings\Owner\Application Data\UBitMenu\unins000.exe
2009-05-08 21:36 . 2009-05-08 21:35 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-08 21:36 . 2009-05-07 22:29 10520 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-05-08 21:36 . 2009-05-07 22:29 12552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
2009-05-08 21:36 . 2009-05-07 22:29 108552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-05-08 21:36 . 2009-05-07 22:29 325640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-05-08 21:36 . 2009-05-07 22:29 27656 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-05-08 21:32 . 2009-05-08 21:31 1083672 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-05-08 21:32 . 2009-05-08 21:31 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-08 21:32 . 2009-05-07 22:28 582936 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-05-08 21:32 . 2009-05-07 22:28 1423640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-08 21:15 . 2009-05-08 21:15 -------- d-----w c:\program files\CCleaner
2009-05-08 21:11 . 2009-05-08 21:11 -------- d-----w c:\program files\VS Revo Group
2009-05-08 05:50 . 2009-05-08 05:50 -------- d-----w c:\documents and settings\Owner\Application Data\iTunesControl
2009-05-08 05:50 . 2009-05-08 05:50 -------- d-----w c:\program files\iTunesControl
2009-05-07 22:52 . 2009-05-07 22:52 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-07 22:52 . 2009-02-16 04:10 69000 ----a-w c:\windows\system32\zlcomm.dll
2009-05-07 22:52 . 2009-02-16 04:10 103816 ----a-w c:\windows\system32\zlcommdb.dll
2009-05-07 22:52 . 2009-02-16 04:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-05-07 22:52 . 2009-05-07 22:52 -------- d-----w c:\windows\system32\ZoneLabs
2009-05-07 22:52 . 2009-05-07 22:52 -------- d-----w c:\program files\Zone Labs
2009-05-07 22:49 . 2009-05-22 01:22 -------- d-----w c:\windows\Internet Logs
2009-05-07 22:29 . 2009-05-08 21:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 22:29 . 2009-05-08 21:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 22:29 . 2009-05-08 21:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-07 22:29 . 2009-05-08 21:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 22:29 . 2009-05-08 21:35 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 22:29 . 2009-05-21 22:26 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-07 22:28 . 2009-05-07 22:28 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-07 20:55 . 2009-05-07 20:56 -------- d-----w c:\documents and settings\Owner\Application Data\Launchy
2009-05-06 20:58 . 2009-05-06 21:13 -------- d-----w c:\documents and settings\Owner\Application Data\ImgBurn
2009-05-06 20:51 . 2009-05-06 20:51 -------- d-----w c:\program files\ImgBurn
2009-05-05 06:24 . 2009-05-05 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-05 06:13 . 2009-05-05 06:13 -------- d-----w c:\program files\Adobe Media Player
2009-05-05 06:09 . 2009-05-05 06:09 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-05 06:04 . 2009-05-05 06:04 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-01 14:59 . 2009-05-08 21:25 -------- d-----w c:\program files\iTunes
2009-05-01 14:59 . 2009-05-01 14:59 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 14:43 . 2009-05-01 14:43 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 20:38 . 2009-04-29 20:38 -------- d-----w c:\program files\Microsoft.NET
2009-04-29 20:35 . 2009-04-29 20:35 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-29 20:31 . 2009-04-29 20:31 -------- d--h--r C:\MSOCache
2009-04-29 20:10 . 2006-10-26 23:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-29 19:59 . 2009-04-29 19:59 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2009-04-29 19:59 . 2009-05-07 20:17 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-28 22:24 . 2009-04-28 23:15 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-04-28 22:24 . 2009-04-28 22:30 -------- d-----w c:\program files\AutoCAD 2009
2009-04-28 22:24 . 2009-04-28 22:24 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Autodesk
2009-04-28 22:10 . 2007-07-19 22:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll
2009-04-28 22:08 . 2009-04-28 23:15 -------- d-----w c:\documents and settings\Owner\Application Data\Autodesk
2009-04-28 22:08 . 2009-04-28 22:30 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-28 22:08 . 2009-04-28 22:08 -------- d-----w c:\program files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 01:14 . 2009-05-22 01:19 1820672 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-05-18 03:37 . 2009-05-18 10:05 1129472 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-05-18 03:21 . 2009-02-28 02:59 -------- d-----w c:\documents and settings\Owner\Application Data\FrostWire
2009-05-17 07:26 . 2006-02-01 19:37 -------- d-----w c:\program files\Common Files\Sierra On-Line
2009-05-17 06:39 . 2009-03-31 23:47 -------- d-----w c:\program files\trend micro
2009-05-16 07:19 . 2006-06-12 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 02:38 . 2008-12-01 21:27 -------- d-----w c:\program files\Diablo II
2009-05-16 02:32 . 2006-02-02 20:29 210376 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-15 07:20 . 2009-05-15 10:06 50176 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-05-15 07:00 . 2009-02-19 01:08 -------- d-----w c:\program files\Xilisoft
2009-05-14 23:46 . 2006-02-04 20:44 -------- d-----w c:\documents and settings\Owner\Application Data\Ahead
2009-05-14 23:45 . 2005-11-07 17:00 -------- d-----w c:\program files\Ahead
2009-05-14 23:45 . 2005-11-07 17:00 -------- d-----w c:\program files\Common Files\Ahead
2009-05-14 23:16 . 2009-02-07 06:35 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-05-14 23:01 . 2006-03-14 00:57 -------- d-----w c:\program files\Nero
2009-05-14 22:53 . 2009-05-14 22:56 108544 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-05-14 22:31 . 2009-05-13 05:26 1184380 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-05-14 19:38 . 2007-04-29 06:08 -------- d-----w c:\documents and settings\Owner\Application Data\Nero
2009-05-14 17:50 . 2009-02-07 06:35 -------- d-----w c:\program files\Common Files\Nero
2009-05-13 05:03 . 2006-12-27 06:48 -------- d-----w c:\program files\DivX
2009-05-13 05:03 . 2005-11-07 17:10 -------- d-----w c:\program files\MSN Encarta Plus
2009-05-13 05:03 . 2006-07-30 22:11 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-05-13 04:54 . 2009-02-17 06:38 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-05-12 07:02 . 2009-05-12 07:03 249856 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-05-12 05:32 . 2009-01-23 00:39 -------- d-----w c:\documents and settings\Owner\Application Data\Thinstall
2009-05-10 04:29 . 2004-08-26 16:12 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-05-10 03:28 . 2005-11-07 17:05 -------- d-----w c:\program files\Google
2009-05-09 18:39 . 2006-06-10 23:59 45 -c--a-w c:\windows\popcinfo.dat
2009-05-09 01:53 . 2006-06-12 01:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 13:21 . 2007-06-19 03:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-08 04:09 . 2009-02-05 17:48 1060920 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-07 15:55 . 2005-11-07 17:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 06:16 . 2005-11-07 17:10 -------- d-----w c:\program files\Common Files\Adobe
2009-05-01 14:59 . 2007-12-12 16:55 -------- d-----w c:\program files\Common Files\Apple
2009-05-01 14:59 . 2006-12-13 21:16 -------- d-----w c:\program files\iPod
2009-04-29 20:41 . 2005-11-07 17:03 -------- d-----w c:\program files\Microsoft Works
2009-04-29 20:40 . 2009-02-05 17:47 -------- d-----w c:\program files\MSBuild
2009-04-15 16:49 . 2006-06-12 20:40 -------- d-----w c:\program files\Yahoo!
2009-04-13 01:28 . 2009-04-06 17:43 -------- d-----w c:\documents and settings\Owner\Application Data\SPORE
2009-04-12 22:18 . 2009-04-12 22:18 -------- d-----w c:\program files\Oberon Media
2009-04-12 22:18 . 2009-04-12 22:18 -------- d-----w c:\program files\MSN Games
2009-04-12 18:24 . 2009-04-12 17:59 -------- d-----w c:\program files\Catan GmbH
2009-04-12 13:04 . 2007-03-16 00:44 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-11 18:38 . 2009-04-11 18:38 -------- d-----w c:\documents and settings\Owner\Application Data\rockbox.org
2009-04-11 16:41 . 2009-04-11 16:41 -------- d-----w c:\documents and settings\Owner\Application Data\XBMC
2009-04-09 20:40 . 2009-04-09 20:40 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-04-09 20:22 . 2006-02-04 20:29 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-04-06 05:06 . 2006-03-22 00:41 286720 ------w c:\windows\Setup1.exe
2009-04-03 23:03 . 2009-04-03 23:03 -------- d-----w c:\program files\AutoHotkey
2009-04-03 14:01 . 2009-04-03 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-03 13:59 . 2009-04-03 13:59 -------- d-----w c:\program files\QuickTime
2009-04-01 01:59 . 2008-10-09 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 00:39 . 2007-12-29 21:26 -------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-03-31 23:18 . 2009-03-31 23:18 -------- d-----w c:\documents and settings\Owner\Application Data\Songbird2
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 17:22 . 2009-04-01 00:47 1004081 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libglib-2.0-0.dll
2009-03-18 17:22 . 2009-04-01 00:47 892928 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\iconv.dll
2009-03-18 17:22 . 2009-04-01 00:47 45056 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\intl.dll
2009-03-18 17:22 . 2009-04-01 00:47 344064 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\sbIPDDevice.dll
2009-03-18 17:22 . 2009-04-01 00:47 417792 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libgpod.dll
2009-03-18 17:22 . 2009-04-01 00:47 292108 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libgobject-2.0-0.dll
2009-03-18 17:22 . 2009-04-01 00:47 8192 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\components\ComponentLoader.dll
2009-03-09 18:58 . 2009-03-31 23:22 548864 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll
2009-03-09 18:57 . 2009-03-31 23:22 159744 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2009-03-09 18:57 . 2009-03-31 23:22 106496 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 03:26 . 2009-02-28 03:26 0 ----a-w c:\documents and settings\Owner\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2007-01-23 19:07 . 2007-02-27 03:52 1847296 -c--a-w c:\program files\mozilla firefox\plugins\Seadragon.dll
2008-03-10 05:01 . 2008-03-10 05:01 0 --sh--w c:\windows\S8A7177C2.tmp
2008-04-14 00:12 . 2008-12-01 06:23 60416 -csha-w c:\windows\BricoPacks\SysFiles\80_msimn.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"HostManager"="c:\program files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 21:35 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
backup=c:\windows\pss\Kodak EasyShare software.lnk.disabledCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LyraUpdates"="c:\program files\RCA\Auto Updater\Auto Updater.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/7/2009 6:29 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/7/2009 6:29 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/7/2009 6:29 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/7/2009 6:28 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/7/2009 6:28 PM 298776]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/12/2009 1:54 AM 603904]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate1c90feaf416aaf0;Google Update Service (gupdate1c90feaf416aaf0);c:\program files\Google\Update\GoogleUpdate.exe [9/6/2008 2:36 AM 133104]
S3 MAC607;MAC607 Filter;c:\windows\system32\drivers\MAC607.sys [3/16/2008 2:02 PM 23808]
S3 XBox;XBox Filter;c:\windows\system32\drivers\Xbox.sys [3/16/2008 2:02 PM 23936]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 01:36]

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-06 06:44]

2009-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351953409-1454491506-409785693-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} - hxxp://pumpeng.musicshake.com/NewDownload/engmusicshake.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\iq2qy2i1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 21:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,f5,7a,db,1a,ae,74,cb,7a,8a,10,39,3b,3b,74,6d,a2,c7,eb,18,ae,
91,80,c9,6f,32,3e,d4,6a,00,c1,68,d1,bd,ee,55,84,3a,21,13,59,8a,76,10,35,85,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
Completion time: 2009-05-22 21:28
ComboFix-quarantined-files.txt 2009-05-22 01:28

Pre-Run: 24,079,343,616 bytes free
Post-Run: 24,991,010,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=U4R753

393 --- E O F --- 2009-05-13 23:51
botbry is offline  
Old 05-22-2009, 07:34 AM   #5 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,440
OS: XP SP3


Re: system locked out of internet, no antiviruses will run

Hi,

Perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 05-23-2009, 07:55 PM   #6 (permalink)
Registered User
 
Join Date: Mar 2009
Location: PA
Posts: 149
OS: Windows 7 x64 Home Premium


Re: system locked out of internet, no antiviruses will run

I apologize for the wait; the scan took all day today.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 23, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 23, 2009 23:23:02
Records in database: 2228848
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 143397
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 08:36:55


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Thinstall\ClubDJ Pro\40000031d00002i\ClubDJPro.exe Infected: Backdoor.Win32.IRCBot.jlf 1
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00021b Infected: Trojan.Win32.TDSS.adfn 1
C:\Documents and Settings\Owner\My Documents\dads folder\pop\3oh3 - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcqyoyupugvrrfwfngwfodrgytrqstkvlu.sys.vir Infected: Rootkit.Win32.Agent.kvr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcjtgebixkmwntppelkijovmcxocugmndk.dll.vir Infected: Trojan.Win32.Tdss.acdc 1
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
botbry is offline  
Old 05-23-2009, 08:59 PM   #7 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,440
OS: XP SP3


Re: system locked out of internet, no antiviruses will run

Hi,
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Code:
File::
C:\Documents and Settings\Owner\Application Data\Thinstall\ClubDJ Pro\40000031d00002i\ClubDJPro.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00021b
C:\Documents and Settings\Owner\My Documents\dads folder\pop\3oh3 - best track ever.mp3

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

RegNull::
[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\SystemCertificates\AddressBook*]

DDS::
uInternet Connection Wizard,ShellNext = iexplore
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply. Also, let me know how the computer is running now.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Last edited by amateur; 05-23-2009 at 09:14 PM.
amateur is offline  
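The two posts above show the manual workflow an analyst follows here: read the Kaspersky report, ignore the hits that are already sitting in ComboFix's quarantine (everything under C:\Qoobox\Quarantine with a .vir suffix), set aside "not-a-virus:" adware hits that do not belong in a removal script, and list the remaining live files under File:: in a CFScript. The Python below is an added example written for this page, not a tool from the thread or from ComboFix or Kaspersky. Its sample input is a copy of the result lines from the report posted above; the function names, the dataclass, and the quarantine-prefix rule are this example's own assumptions, and the CFScript layout it emits follows the script the moderator posted (a "Name::" header, one entry per line, sections separated by a blank line).

```python
"""Triage a Kaspersky Online Scanner 7 report and draft a ComboFix CFScript.

Added example for this thread; not code from ComboFix, Kaspersky, or the forum.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input copied from the Kaspersky report posted earlier in the thread
# (the scanner's "path Infected: threat count" layout).
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Thinstall\ClubDJ Pro\40000031d00002i\ClubDJPro.exe Infected: Backdoor.Win32.IRCBot.jlf 1
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00021b Infected: Trojan.Win32.TDSS.adfn 1
C:\Documents and Settings\Owner\My Documents\dads folder\pop\3oh3 - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcqyoyupugvrrfwfngwfodrgytrqstkvlu.sys.vir Infected: Rootkit.Win32.Agent.kvr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcjtgebixkmwntppelkijovmcxocugmndk.dll.vir Infected: Trojan.Win32.Tdss.acdc 1
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
"""

# One result line: a path (which may contain spaces), then "Infected:", the
# detection name, and a hit count.
RESULT_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# ComboFix moves what it removes under C:\Qoobox\Quarantine (assumption for this
# example, consistent with the .vir entries in the report above).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        """Already neutralised by an earlier ComboFix run; needs no further action."""
        return self.path.lower().startswith(QUARANTINE_PREFIX)

    @property
    def riskware(self) -> bool:
        """Kaspersky's "not-a-virus:" prefix marks adware/riskware, not malware."""
        return self.threat.startswith("not-a-virus:")


def parse_report(text: str) -> List[Finding]:
    """Extract every detection line from the report; headers and footers are skipped."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["threat"], int(m["count"])))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Split findings into what still needs removal, what is already quarantined,
    and riskware that should be reviewed rather than scripted away."""
    buckets: Dict[str, List[Finding]] = {"remove": [], "quarantined": [], "riskware": []}
    for f in findings:
        if f.quarantined:
            buckets["quarantined"].append(f)
        elif f.riskware:
            buckets["riskware"].append(f)
        else:
            buckets["remove"].append(f)
    return buckets


def build_cfscript(remove: List[Finding], registry: Dict[str, Dict[str, str]]) -> str:
    """Render a File:: section (and an optional Registry:: section) in the layout
    used by the CFScript posted in this thread."""
    lines = ["File::"] + [f.path for f in remove] + [""]
    if registry:
        lines.append("Registry::")
        for key, values in registry.items():
            lines.append(f"[{key}]")
            for name, value in values.items():
                lines.append(f'"{name}"={value}')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    buckets = triage(parse_report(SAMPLE_REPORT))
    # Re-enable Security Center monitoring of the firewall, as the moderator's script did.
    registry = {
        r"HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall": {
            "DisableMonitoring": "dword:00000000"
        }
    }
    print(build_cfscript(buckets["remove"], registry))
    for f in buckets["riskware"]:
        print(f"review manually: {f.path} ({f.threat})")
```

Run as a script, it prints a CFScript whose File:: section holds exactly the three live C:\ paths the moderator listed, leaves the two quarantined .vir entries out, and prints the D:\i386 adware hit as a manual-review item instead of scripting its deletion, since D:\i386 on this machine is an OEM install source rather than a running program.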
Old 05-23-2009, 11:59 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2009
Location: PA
Posts: 149
OS: Windows 7 x64 Home Premium


Re: system locked out of internet, no antiviruses will run

My system seems to be running fine. Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 09-05-21.01 - Owner 05/24/2009 1:38.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1135 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

FILE ::
c:\documents and settings\Owner\Application Data\Thinstall\ClubDJ Pro\40000031d00002i\ClubDJPro.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00021b
c:\documents and settings\Owner\My Documents\dads folder\pop\3oh3 - best track ever.mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Thinstall\ClubDJ Pro\40000031d00002i\ClubDJPro.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00021b
c:\documents and settings\Owner\My Documents\dads folder\pop\3oh3 - best track ever.mp3

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 04:42 . 2009-05-24 04:45 -------- d-----w c:\documents and settings\Owner\Application Data\vlc
2009-05-24 04:18 . 2009-05-24 04:18 2967799 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-24 04:15 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 04:15 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 04:15 . 2009-05-24 04:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 03:18 . 2009-05-24 04:41 -------- d-----w c:\program files\VideoLAN
2009-05-22 14:27 . 2009-05-22 15:51 117760 ----a-w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 14:25 . 2009-05-22 14:26 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 14:25 . 2009-05-22 14:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 13:08 . 2009-05-08 21:35 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-22 02:57 . 2009-05-22 03:02 -------- d-----w c:\program files\Magic MP3 Tagger
2009-05-17 06:04 . 2009-05-17 06:04 -------- d-----w c:\program files\Xvid
2009-05-17 06:04 . 2008-12-05 01:46 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-17 06:04 . 2008-12-05 01:42 815104 ----a-w c:\windows\system32\xvidcore.dll
2009-05-17 05:53 . 2009-05-17 06:04 3532 ----a-w C:\drmHeader.bin
2009-05-16 02:30 . 2009-05-18 02:42 -------- d-----w c:\documents and settings\Owner\Application Data\Hoyle FaceCreator
2009-05-16 02:30 . 2009-05-23 18:22 -------- d-----w c:\documents and settings\Owner\Application Data\Hoyle Puzzle and Board Games
2009-05-16 01:41 . 2009-05-16 01:41 -------- d-----w c:\program files\Encore
2009-05-15 18:42 . 2009-05-15 19:03 -------- d-----w c:\program files\VirtualDJ
2009-05-15 18:38 . 2009-05-15 18:38 -------- d-----w c:\program files\Free Fire Screensaver
2009-05-15 18:37 . 2009-05-15 18:37 -------- d-----w c:\documents and settings\Owner\Application Data\Laconic Software
2009-05-15 07:01 . 2008-05-06 06:01 45056 ----a-w c:\windows\system32\WNASPI32.DLL
2009-05-15 07:01 . 2008-05-06 06:01 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS
2009-05-15 05:00 . 2009-05-15 05:02 -------- d-----w c:\program files\FrostWire SpeedUp Pro
2009-05-15 04:49 . 2009-05-15 04:53 -------- d-----w c:\program files\EZ Boosters
2009-05-14 23:55 . 2009-05-24 05:34 -------- d-----w c:\program files\PeerGuardian2
2009-05-14 23:45 . 2003-03-29 20:45 89184 ----a-w c:\windows\system32\drivers\imagedrv.sys
2009-05-14 23:45 . 2001-07-06 22:24 283920 ----a-w c:\windows\system32\ImagXpr5.dll
2009-05-14 23:45 . 2001-07-06 18:41 569344 ----a-w c:\windows\system32\imagr5.dll
2009-05-14 23:45 . 2001-07-06 16:44 544768 ----a-w c:\windows\system32\imagx5.dll
2009-05-14 23:45 . 2001-06-26 12:15 38912 ----a-w c:\windows\system32\picn20.dll
2009-05-14 23:45 . 2001-07-09 15:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-14 17:36 . 2009-05-14 17:36 -------- d-----w c:\program files\Windows Sidebar
2009-05-14 12:24 . 2009-05-14 12:24 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-14 12:24 . 2009-05-08 21:35 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-14 12:24 . 2009-05-08 21:35 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-14 12:24 . 2009-05-08 21:35 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-14 12:24 . 2009-05-08 21:35 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-14 12:24 . 2009-05-08 21:35 1262880 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-05-14 12:24 . 2009-05-08 21:35 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-14 06:52 . 2003-01-26 17:41 40960 ----a-w c:\windows\system32\ssubtmr6.dll
2009-05-14 01:16 . 2009-05-14 01:17 -------- d-----w c:\program files\FixTunes
2009-05-14 00:58 . 2009-05-14 01:43 -------- d-----w c:\program files\TuneUpMedia
2009-05-14 00:57 . 2009-05-14 01:45 -------- d-----w c:\documents and settings\Owner\Application Data\TuneUpMedia
2009-05-14 00:57 . 2009-05-14 01:45 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-05-12 19:53 . 2009-05-22 03:18 -------- d-----w c:\program files\FrostWire
2009-05-12 07:18 . 2009-05-12 18:52 -------- d--h--w c:\windows\Icons
2009-05-12 06:47 . 2009-05-12 07:24 2328704 ----a-w c:\windows\system32\TUKernel.exe
2009-05-12 05:54 . 2009-05-12 05:54 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-12 05:54 . 2008-12-11 17:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-12 05:54 . 2009-05-12 05:54 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-12 05:54 . 2009-05-12 05:54 -------- d-----w c:\documents and settings\Owner\Application Data\TuneUp Software
2009-05-12 05:53 . 2009-05-22 01:39 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-12 05:53 . 2009-05-12 05:53 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-12 05:52 . 2009-05-12 05:52 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-12 03:20 . 2009-05-22 15:24 -------- d--h--w C:\$AVG8.VAULT$
2009-05-11 23:03 . 2009-05-11 23:03 -------- d-----w c:\program files\Vista Drive Icon
2009-05-11 21:33 . 2009-05-11 22:18 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\K-Meleon
2009-05-11 16:15 . 2009-05-11 16:15 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Opera
2009-05-10 06:51 . 2006-03-01 09:21 117248 ----a-w c:\windows\system32\ribbons.scr
2009-05-10 06:51 . 2006-03-03 18:42 117248 ----a-w c:\windows\system32\Mystify.scr
2009-05-10 06:50 . 2006-03-01 08:53 773120 ----a-w c:\windows\system32\bubbles.scr
2009-05-10 06:50 . 2006-03-01 09:21 1263616 ----a-w c:\windows\system32\aurora.scr
2009-05-10 05:14 . 2009-05-10 05:14 -------- d-----w c:\program files\IconPhile
2009-05-10 04:55 . 2009-05-10 06:21 -------- d-----w c:\documents and settings\Owner\Application Data\Styler
2009-05-10 04:44 . 2009-05-10 06:20 -------- d-----w c:\program files\Styler
2009-05-10 01:12 . 2009-05-13 04:47 -------- d-----w c:\windows\system32\briblo dir
2009-05-10 00:53 . 2009-05-10 01:31 -------- d-----w c:\windows\system32\FLIQLO dir
2009-05-10 00:53 . 2009-05-10 00:53 532480 ----a-w c:\windows\system32\FLIQLO.scr
2009-05-09 23:44 . 2009-05-09 23:44 -------- d-----w c:\program files\Stardock
2009-05-09 22:09 . 2009-05-09 22:09 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Bump Technologies, Inc
2009-05-09 22:08 . 2009-05-09 22:08 -------- d-----w c:\documents and settings\Owner\Application Data\Bump Technologies, Inc
2009-05-09 20:01 . 2009-05-09 20:01 46 ----a-w c:\windows\system32\DonationCoder_desktopcoral_InstallInfo.dat
2009-05-09 20:01 . 2009-05-09 20:01 46 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
2009-05-09 20:01 . 2009-05-09 20:01 -------- d-----w c:\documents and settings\Owner\Application Data\DonationCoder
2009-05-09 07:08 . 2009-05-09 07:08 -------- d-----w c:\program files\LightScribe Template Labeler
2009-05-09 07:07 . 2009-05-09 07:07 -------- d-----w c:\program files\Common Files\LightScribe
2009-05-09 07:05 . 2009-05-09 07:05 -------- d-----w c:\documents and settings\Owner\Application Data\Canneverbe_Limited
2009-05-09 07:05 . 2009-05-09 07:05 -------- d-----w c:\program files\CDBurnerXP
2009-05-09 00:05 . 2009-05-09 22:53 -------- d-----w c:\program files\TrueTransparency
2009-05-08 23:51 . 2009-05-09 18:10 -------- d-----w c:\program files\RocketDock
2009-05-08 22:39 . 2009-05-08 22:39 -------- d-----w c:\documents and settings\Owner\Application Data\UBitMenu
2009-05-08 22:39 . 2009-05-08 22:38 695642 ----a-w c:\documents and settings\Owner\Application Data\UBitMenu\unins000.exe
2009-05-08 21:36 . 2009-05-08 21:35 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-08 21:36 . 2009-05-07 22:29 10520 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-05-08 21:36 . 2009-05-07 22:29 12552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
2009-05-08 21:36 . 2009-05-07 22:29 108552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-05-08 21:36 . 2009-05-07 22:29 325640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-05-08 21:36 . 2009-05-07 22:29 27656 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-05-08 21:32 . 2009-05-08 21:31 1083672 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-05-08 21:32 . 2009-05-08 21:31 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-08 21:32 . 2009-05-08 21:31 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-08 21:32 . 2009-05-07 22:28 582936 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-05-08 21:15 . 2009-05-08 21:15 -------- d-----w c:\program files\CCleaner
2009-05-08 21:11 . 2009-05-08 21:11 -------- d-----w c:\program files\VS Revo Group
2009-05-08 05:50 . 2009-05-08 05:50 -------- d-----w c:\documents and settings\Owner\Application Data\iTunesControl
2009-05-08 05:50 . 2009-05-08 05:50 -------- d-----w c:\program files\iTunesControl
2009-05-07 22:52 . 2009-05-07 22:52 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-07 22:52 . 2009-02-16 04:10 69000 ----a-w c:\windows\system32\zlcomm.dll
2009-05-07 22:52 . 2009-02-16 04:10 103816 ----a-w c:\windows\system32\zlcommdb.dll
2009-05-07 22:52 . 2009-02-16 04:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-05-07 22:52 . 2009-05-07 22:52 -------- d-----w c:\windows\system32\ZoneLabs
2009-05-07 22:52 . 2009-05-07 22:52 -------- d-----w c:\program files\Zone Labs
2009-05-07 22:49 . 2009-05-24 05:39 -------- d-----w c:\windows\Internet Logs
2009-05-07 22:29 . 2009-05-08 21:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 22:29 . 2009-05-08 21:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 22:29 . 2009-05-08 21:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-07 22:29 . 2009-05-08 21:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 22:29 . 2009-05-08 21:35 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 22:29 . 2009-05-23 12:34 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-07 22:28 . 2009-05-07 22:28 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-07 20:55 . 2009-05-07 20:56 -------- d-----w c:\documents and settings\Owner\Application Data\Launchy
2009-05-06 20:58 . 2009-05-06 21:13 -------- d-----w c:\documents and settings\Owner\Application Data\ImgBurn
2009-05-06 20:51 . 2009-05-06 20:51 -------- d-----w c:\program files\ImgBurn
2009-05-05 06:24 . 2009-05-05 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-05 06:13 . 2009-05-05 06:13 -------- d-----w c:\program files\Adobe Media Player
2009-05-05 06:09 . 2009-05-05 06:09 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-05 06:04 . 2009-05-05 06:04 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-01 14:59 . 2009-05-08 21:25 -------- d-----w c:\program files\iTunes
2009-05-01 14:59 . 2009-05-01 14:59 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 14:43 . 2009-05-01 14:43 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 20:38 . 2009-04-29 20:38 -------- d-----w c:\program files\Microsoft.NET
2009-04-29 20:35 . 2009-04-29 20:35 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-29 20:31 . 2009-04-29 20:31 -------- d--h--r C:\MSOCache
2009-04-29 20:10 . 2006-10-26 23:56 32592 ----a-w c:\windows\system32\msonpmon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 05:31 . 2009-02-28 02:59 -------- d-----w c:\documents and settings\Owner\Application Data\FrostWire
2009-05-22 14:25 . 2007-06-26 15:24 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-05-22 01:35 . 2006-06-12 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 01:14 . 2009-05-22 01:19 1820672 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-05-18 03:37 . 2009-05-18 10:05 1129472 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-05-17 07:26 . 2006-02-01 19:37 -------- d-----w c:\program files\Common Files\Sierra On-Line
2009-05-17 06:39 . 2009-03-31 23:47 -------- d-----w c:\program files\trend micro
2009-05-16 02:38 . 2008-12-01 21:27 -------- d-----w c:\program files\Diablo II
2009-05-16 02:32 . 2006-02-02 20:29 210376 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-15 07:20 . 2009-05-15 10:06 50176 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-05-15 07:00 . 2009-02-19 01:08 -------- d-----w c:\program files\Xilisoft
2009-05-14 23:46 . 2006-02-04 20:44 -------- d-----w c:\documents and settings\Owner\Application Data\Ahead
2009-05-14 23:45 . 2005-11-07 17:00 -------- d-----w c:\program files\Ahead
2009-05-14 23:45 . 2005-11-07 17:00 -------- d-----w c:\program files\Common Files\Ahead
2009-05-14 23:16 . 2009-02-07 06:35 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-05-14 23:01 . 2006-03-14 00:57 -------- d-----w c:\program files\Nero
2009-05-14 22:53 . 2009-05-14 22:56 108544 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-05-14 22:31 . 2009-05-13 05:26 1184380 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-05-14 19:38 . 2007-04-29 06:08 -------- d-----w c:\documents and settings\Owner\Application Data\Nero
2009-05-14 17:50 . 2009-02-07 06:35 -------- d-----w c:\program files\Common Files\Nero
2009-05-13 05:03 . 2006-12-27 06:48 -------- d-----w c:\program files\DivX
2009-05-13 05:03 . 2005-11-07 17:10 -------- d-----w c:\program files\MSN Encarta Plus
2009-05-13 05:03 . 2006-07-30 22:11 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-05-13 04:54 . 2009-02-17 06:38 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-05-12 07:02 . 2009-05-12 07:03 249856 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-05-12 05:32 . 2009-01-23 00:39 -------- d-----w c:\documents and settings\Owner\Application Data\Thinstall
2009-05-10 04:29 . 2004-08-26 16:12 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-05-10 03:28 . 2005-11-07 17:05 -------- d-----w c:\program files\Google
2009-05-09 18:39 . 2006-06-10 23:59 45 -c--a-w c:\windows\popcinfo.dat
2009-05-09 01:53 . 2006-06-12 01:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 13:21 . 2007-06-19 03:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-08 04:09 . 2009-02-05 17:48 1060920 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-07 15:55 . 2005-11-07 17:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 06:16 . 2005-11-07 17:10 -------- d-----w c:\program files\Common Files\Adobe
2009-05-01 14:59 . 2007-12-12 16:55 -------- d-----w c:\program files\Common Files\Apple
2009-05-01 14:59 . 2006-12-13 21:16 -------- d-----w c:\program files\iPod
2009-04-29 20:41 . 2005-11-07 17:03 -------- d-----w c:\program files\Microsoft Works
2009-04-29 20:40 . 2009-02-05 17:47 -------- d-----w c:\program files\MSBuild
2009-04-15 16:49 . 2006-06-12 20:40 -------- d-----w c:\program files\Yahoo!
2009-04-13 01:28 . 2009-04-06 17:43 -------- d-----w c:\documents and settings\Owner\Application Data\SPORE
2009-04-12 22:18 . 2009-04-12 22:18 -------- d-----w c:\program files\Oberon Media
2009-04-12 22:18 . 2009-04-12 22:18 -------- d-----w c:\program files\MSN Games
2009-04-12 18:24 . 2009-04-12 17:59 -------- d-----w c:\program files\Catan GmbH
2009-04-12 13:04 . 2007-03-16 00:44 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-11 18:38 . 2009-04-11 18:38 -------- d-----w c:\documents and settings\Owner\Application Data\rockbox.org
2009-04-11 16:41 . 2009-04-11 16:41 -------- d-----w c:\documents and settings\Owner\Application Data\XBMC
2009-04-09 20:40 . 2009-04-09 20:40 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-04-09 20:22 . 2006-02-04 20:29 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-04-06 05:06 . 2006-03-22 00:41 286720 ------w c:\windows\Setup1.exe
2009-04-03 23:03 . 2009-04-03 23:03 -------- d-----w c:\program files\AutoHotkey
2009-04-03 14:01 . 2009-04-03 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-03 13:59 . 2009-04-03 13:59 -------- d-----w c:\program files\QuickTime
2009-04-01 01:59 . 2008-10-09 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 00:39 . 2007-12-29 21:26 -------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-03-31 23:18 . 2009-03-31 23:18 -------- d-----w c:\documents and settings\Owner\Application Data\Songbird2
2009-03-31 22:41 . 2006-10-13 18:48 -------- d-----w c:\program files\LimeWire
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 17:22 . 2009-04-01 00:47 1004081 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libglib-2.0-0.dll
2009-03-18 17:22 . 2009-04-01 00:47 892928 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\iconv.dll
2009-03-18 17:22 . 2009-04-01 00:47 45056 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\intl.dll
2009-03-18 17:22 . 2009-04-01 00:47 344064 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\sbIPDDevice.dll
2009-03-18 17:22 . 2009-04-01 00:47 417792 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libgpod.dll
2009-03-18 17:22 . 2009-04-01 00:47 292108 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libgobject-2.0-0.dll
2009-03-18 17:22 . 2009-04-01 00:47 8192 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\components\ComponentLoader.dll
2009-03-09 18:58 . 2009-03-31 23:22 548864 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll
2009-03-09 18:57 . 2009-03-31 23:22 159744 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2009-03-09 18:57 . 2009-03-31 23:22 106496 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 03:26 . 2009-02-28 03:26 0 ----a-w c:\documents and settings\Owner\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2007-01-23 19:07 . 2007-02-27 03:52 1847296 -c--a-w c:\program files\mozilla firefox\plugins\Seadragon.dll
2008-03-10 05:01 . 2008-03-10 05:01 0 --sh--w c:\windows\S8A7177C2.tmp
2008-04-14 00:12 . 2008-12-01 06:23 60416 -csha-w c:\windows\BricoPacks\SysFiles\80_msimn.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-22_01.25.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 15:49 . 2009-05-22 15:49 16384 c:\windows\TEMP\Perflib_Perfdata_3a0.dat
+ 2009-05-22 14:26 . 2009-05-22 14:26 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-05-22 14:26 . 2009-05-22 14:26 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"HostManager"="c:\program files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 21:35 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
backup=c:\windows\pss\Kodak EasyShare software.lnk.disabledCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LyraUpdates"="c:\program files\RCA\Auto Updater\Auto Updater.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/7/2009 6:29 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/7/2009 6:29 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/7/2009 6:29 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/7/2009 6:28 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/7/2009 6:28 PM 298776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/24/2009 12:15 AM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/12/2009 1:54 AM 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/24/2009 12:15 AM 15504]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate1c90feaf416aaf0;Google Update Service (gupdate1c90feaf416aaf0);c:\program files\Google\Update\GoogleUpdate.exe [9/6/2008 2:36 AM 133104]
S3 MAC607;MAC607 Filter;c:\windows\system32\drivers\MAC607.sys [3/16/2008 2:02 PM 23808]
S3 XBox;XBox Filter;c:\windows\system32\drivers\Xbox.sys [3/16/2008 2:02 PM 23936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - PGFILTER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 01:36]

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-06 06:44]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351953409-1454491506-409785693-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 10:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} - hxxp://pumpeng.musicshake.com/NewDownload/engmusicshake.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\iq2qy2i1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 01:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,f5,7a,db,1a,ae,74,cb,7a,8a,10,39,3b,3b,74,6d,a2,c7,eb,18,ae,
91,80,c9,6f,32,3e,d4,6a,00,c1,68,d1,bd,ee,55,84,3a,21,13,59,8a,76,10,35,85,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-05-24 1:43
ComboFix-quarantined-files.txt 2009-05-24 05:43
ComboFix2.txt 2009-05-22 01:28

Pre-Run: 21,788,241,920 bytes free
Post-Run: 21,846,872,064 bytes free

411 --- E O F --- 2009-05-13 23:51
05-24-2009, 06:49 AM   #9 (permalink)
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)
Join Date: Jun 2006
Location: USA
Posts: 7,440
OS: XP SP3

Re: system locked out of internet, no antiviruses will run

Hi,

Quote:
My system seems to be running fine. thank you.
Good to hear that.

If you have no further malware issues, you're all set to go. The logs are clean.
  • Click Start, then Run
  • Now type Combofix /u in the run box and click OK. Notice the space between Combofix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

It’s vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!

If you wish to support and contribute to the ongoing development of ComboFix, donations via PayPal will be accepted.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
05-24-2009, 11:16 PM   #10 (permalink)
botbry (Registered User)
Join Date: Mar 2009
Location: PA
Posts: 149
OS: Windows 7 x64 Home Premium

Re: system locked out of internet, no antiviruses will run

So even after all of this, AVG is still popping up saying that something is infected as a trojan. The image below is a screenshot of the virus vault. I'm not sure if that will help.
Attached image: untitled.JPG (36.5 KB)
05-25-2009, 05:37 AM   #11 (permalink)
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)

Re: system locked out of internet, no antiviruses will run

Hi,

Have you performed my instructions to uninstall ComboFix?

Those are in the System Restore cache, where Windows keeps the system restore points. They cannot harm you from there unless you carry out a manual rollback to an infected restore point. However, when ComboFix is uninstalled, the System Restore cache will be flushed.

Quote:
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.
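The point made in the reply above, that an antivirus hit whose path sits under System Volume Information\_restore{GUID}\RP<n>\ is a copy held by System Restore rather than a live infection, can be turned into a triage check. The script below is an added example, not code from this thread, from ComboFix or from AVG: it takes detection records in a constructed "path<TAB>threat" format (the sample lines, the GUID and the threat names are all made up for illustration) and separates hits inside restore points, which disappear once System Restore is flushed, from hits in live locations, which still need cleanup. The restore-point directory layout it matches on is the real Windows XP layout.

```python
"""Triage antivirus hits by location: inside a System Restore point (inert until
that point is rolled back, gone once System Restore is flushed) or in a live
location that still needs cleanup.

Added example, not code from the original thread, ComboFix or AVG. The detection
lines below are constructed samples in a made-up "path<TAB>threat" format; the
restore-point path layout itself (System Volume Information\\_restore{GUID}\\RP<n>\\)
is the real Windows XP layout.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows XP keeps copies of changed files under
#   <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A<7 digits>.<ext>
# plus registry snapshots under RP<n>\snapshot\. Matching the _restore{GUID}\RP<n>\
# prefix is enough to recognise anything held by the restore cache.
_RESTORE_POINT_RE = re.compile(
    r"""^[A-Za-z]:\\System\ Volume\ Information\\
        _restore\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\
        RP(?P<rp>\d+)\\
        .+$""",
    re.IGNORECASE | re.VERBOSE,
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str


@dataclass(frozen=True)
class Verdict:
    detection: Detection
    in_restore_point: bool
    restore_point: Optional[int]  # RP number when in_restore_point is True
    note: str


def classify(det: Detection) -> Verdict:
    """Decide whether a hit sits in the restore cache or in a live location."""
    m = _RESTORE_POINT_RE.match(det.path.strip())
    if m:
        rp = int(m.group("rp"))
        return Verdict(det, True, rp,
                       f"copy inside restore point RP{rp}: inert unless that point is "
                       f"restored; cleared when System Restore is flushed")
    return Verdict(det, False, None,
                   "live location: quarantine/remove and look for whatever dropped it")


def parse_detections(text: str) -> List[Detection]:
    """Parse the constructed 'path<TAB>threat' format, skipping blanks and # comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, _, threat = line.partition("\t")
        out.append(Detection(path.strip(), threat.strip() or "unknown"))
    return out


def triage(text: str) -> List[Verdict]:
    return [classify(d) for d in parse_detections(text)]


def summarize(verdicts: List[Verdict]) -> Dict[str, object]:
    """Counts, the restore points involved, and the live paths still needing attention."""
    live = [v.detection.path for v in verdicts if not v.in_restore_point]
    rps = sorted({v.restore_point for v in verdicts if v.in_restore_point})
    return {"restore_point_hits": len(verdicts) - len(live),
            "live_hits": len(live),
            "restore_points": rps,
            "live_paths": live}


# Constructed sample export (not a real AVG or ComboFix log); GUID and threat names are placeholders.
SAMPLE_EXPORT = (
    "C:\\System Volume Information\\_restore{3F2504E0-4F89-11D3-9A0C-0305E82C3301}\\RP412\\A0098765.exe\tTrojan.Sample.A\n"
    "c:\\system volume information\\_restore{3F2504E0-4F89-11D3-9A0C-0305E82C3301}\\RP413\\A0099001.dll\tTrojan.Sample.B\n"
    "C:\\System Volume Information\\_restore{3F2504E0-4F89-11D3-9A0C-0305E82C3301}\\RP413\\snapshot\\_REGISTRY_MACHINE_SOFTWARE\tTrojan.Sample.A\n"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\dropped.exe\tTrojan.Sample.A\n"
    "C:\\System Volume Information\\tracking.log\tTrojan.Sample.C\n"
)

if __name__ == "__main__":
    verdicts = triage(SAMPLE_EXPORT)
    for v in verdicts:
        flag = "RESTORE" if v.in_restore_point else "LIVE   "
        print(f"[{flag}] {v.detection.path}\n          {v.detection.threat}: {v.note}")
    print(summarize(verdicts))
```

The match is deliberately case-insensitive because Windows paths are, and it keys on the _restore{GUID}\RP<n>\ prefix rather than on the A0000000.ext file name so that registry snapshots inside the same restore point are classified the same way. Anything not under that prefix, including other files in System Volume Information, is reported as live so a human looks at it.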
05-25-2009, 11:34 AM   #12 (permalink)
botbry (Registered User)

Re: system locked out of internet, no antiviruses will run

OK, I have now uninstalled ComboFix. Thank you very much for your help. If I have any other problems that pop up, should I post back, or start a new thread and maybe have a link referencing this thread?
05-25-2009, 12:47 PM   #13 (permalink)
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)

Re: system locked out of internet, no antiviruses will run

You should not receive any more warnings from AVG. I'll stay subscribed to this thread a couple more days, just in case, and you can let me know.
05-25-2009, 01:28 PM   #14 (permalink)
botbry (Registered User)

Re: system locked out of internet, no antiviruses will run

OK, thank you very much!
05-28-2009, 04:34 PM   #15 (permalink)
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)

Re: system locked out of internet, no antiviruses will run

Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Surf Safely, and Think Prevention!

All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum