    #1  Member (joined Apr 2009, 29 posts)

    hijackthis results said there are suspicious findings....what does that mean?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:55:20 PM, on 4/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\windows\Explorer.EXE
    C:\windows\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\system32\PnkBstrB.exe
    C:\windows\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232117994375
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: c:\windows\system32\rotirufe.dll,C:\windows\system32\dovamewo.dll
    O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\SYSTEM32\ROTIRUFE.DLL (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\SYSTEM32\ROTIRUFE.DLL (file missing)
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update Service (gupdate1c9a2721f672196) (gupdate1c9a2721f672196) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe

    --
    End of file - 7387 bytes

    #2  Moderator JohnB151 (The Netherlands, joined Mar 2009, 950 posts)

    Hi and welcome to the Help2Go forums.
    My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

    HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.

    These rules are good for you to know:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me how long it will take so the topic will not be closed.


    These rules are to make my voluntary work more comfortable:
    • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • Please reply to this thread. Do not start a new topic.
    • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.


    Finally, please make an uninstall list using HijackThis.
    To access the Uninstall Manager you would do the following:
    • Start HijackThis
    • Click on the Open The Misc Tool Section button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic. Also post a new HijackThis log.


    Regards,
    John.

    #3  Member (joined Apr 2009, 29 posts)

    9Dragons
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8
    Adobe Shockwave Player 11.5
    Ango´s Game Collection
    ASRock OC Tuner
    AVG Free 8.5
    Critical Update for Windows Media Player 11 (KB959772)
    DAEMON Tools Toolbar
    Dead Space™
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    DVDx 2.3
    EA Download Manager
    Fast Browser Search Protection
    GameHouse Games Collection: Academy of Magic
    GameHouse Games Collection: Adventure Inlay
    GameHouse Games Collection: Adventure Inlay - Safari Edition
    GameHouse Games Collection: Air Strike 3D
    GameHouse Games Collection: Alien Sky
    GameHouse Games Collection: Aloha Solitaire
    GameHouse Games Collection: Aloha TriPeaks
    GameHouse Games Collection: Ancient Tripeaks
    GameHouse Games Collection: Astrobatics
    GameHouse Games Collection: Atlantis
    GameHouse Games Collection: Atomaders
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Big Kahuna Reef
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Bounce Out Blitz
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Chainz
    GameHouse Games Collection: Chainz 2 - Relinked
    GameHouse Games Collection: Charm Solitaire
    GameHouse Games Collection: Charm Tale
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Chuzzle Deluxe
    GameHouse Games Collection: Collapse! Crunch
    GameHouse Games Collection: Combo Chaos!
    GameHouse Games Collection: Crystal Path
    GameHouse Games Collection: Digby's Donuts
    GameHouse Games Collection: Diner Dash
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Fiber Twig
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Flying Leo
    GameHouse Games Collection: Fortune Tiles Gold
    GameHouse Games Collection: Fresco Wizard
    GameHouse Games Collection: GameHouse Sudoku
    GameHouse Games Collection: Gearz
    GameHouse Games Collection: Granny in Paradise
    GameHouse Games Collection: Gutterball
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Hello!
    GameHouse Games Collection: Holiday Express
    GameHouse Games Collection: Iggle Pop!
    GameHouse Games Collection: Incadia
    GameHouse Games Collection: Incredible Ink
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Inspector Parker
    GameHouse Games Collection: Invadazoid
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Lemonade Tycoon
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Magic Ball
    GameHouse Games Collection: Magic Ball 2
    GameHouse Games Collection: Magic Ball 2 - New Worlds
    GameHouse Games Collection: Magic Inlay
    GameHouse Games Collection: Magic Vines
    GameHouse Games Collection: Mah Jong Quest
    GameHouse Games Collection: Mahjong Garden To Go
    GameHouse Games Collection: Maui Wowee
    GameHouse Games Collection: Phlinx To Go
    GameHouse Games Collection: Pin High Country Club Golf
    GameHouse Games Collection: Pizza Frenzy
    GameHouse Games Collection: Poker Superstars
    GameHouse Games Collection: Puzzle Express
    GameHouse Games Collection: Puzzle Inlay
    GameHouse Games Collection: Puzzle Solitaire
    GameHouse Games Collection: QBz
    GameHouse Games Collection: Reader's Digest Super Word Power
    GameHouse Games Collection: Ricochet
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    GameHouse Games Collection: Roller Rush
    GameHouse Games Collection: Saints & Sinners Bingo
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Spelvin
    GameHouse Games Collection: Splash
    GameHouse Games Collection: Spring Sprang Sprung
    GameHouse Games Collection: Super 5-Line Slots
    GameHouse Games Collection: Super Blackjack!
    GameHouse Games Collection: Super Bounce Out!
    GameHouse Games Collection: Super Candy Cruncher
    GameHouse Games Collection: Super Collapse!
    GameHouse Games Collection: Super Collapse! II
    GameHouse Games Collection: Super Collapse! II Platinum
    GameHouse Games Collection: Super Fruit Frolic
    GameHouse Games Collection: Super Gem Drop
    GameHouse Games Collection: Super Glinx!
    GameHouse Games Collection: Super Letter Linker
    GameHouse Games Collection: Super Nisqually
    GameHouse Games Collection: Super PileUp!
    GameHouse Games Collection: Super Pool
    GameHouse Games Collection: Super Pop & Drop!
    GameHouse Games Collection: Super Rumble Cube
    GameHouse Games Collection: Super SpongeBob Collapse!
    GameHouse Games Collection: Super TextTwist
    GameHouse Games Collection: Super WHATword
    GameHouse Games Collection: Tap a Jam
    GameHouse Games Collection: Ten Pin Championship Bowling Pro
    GameHouse Games Collection: Tennis Titans
    GameHouse Games Collection: Tradewinds 2
    GameHouse Games Collection: Trivia Machine
    GameHouse Games Collection: Tropical Swaps
    Google Gears
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Java(TM) 6 Update 12
    Java(TM) 6 Update 4
    K-Lite Mega Codec Pack 3.8.0
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Combat Flight Simulator 3.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX 9.0 SDK
    Microsoft Document Explorer 2008
    Microsoft Document Explorer 2008
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    MSXML 6.0 Parser (KB925673)
    Need for Speed™ Undercover
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA ForceWare Network Access Manager
    NVIDIA Performance
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA System Monitor
    NVIDIA System Monitor
    NVIDIA System Update
    NVIDIA System Update
    Philips Retractable PC Controller
    Picasa 3
    PokerStars
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    SUPERAntiSpyware Professional
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.762
    VirtuaGirl HD
    Vuze
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Resource Kit Tools - SubInAcl.exe
    Windows Search 4.0
    Windows XP Service Pack 3

    Thanks... I would appreciate any help you can offer.

    #4  Member (joined Apr 2009, 29 posts)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:57:44 PM, on 4/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\windows\Explorer.EXE
    C:\windows\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\PnkBstrB.exe
    D:\Program Files\AnGo´s Game Collection\MR Driller\driller.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232117994375
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: c:\windows\system32\rotirufe.dll,C:\windows\system32\dovamewo.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update Service (gupdate1c9a2721f672196) (gupdate1c9a2721f672196) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
    O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

    --
    End of file - 7863 bytes
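Two entry types in the logs above are the ones a triager stops at: the O20 AppInit_DLLs value naming two DLLs with random-looking eight-letter names (rotirufe.dll, dovamewo.dll), and the O21/O22 pair in the first log that registers the same CLSID under two shell autostart locations (SSODL and SharedTaskScheduler) and points at one of those DLLs, already reported as missing. The script below is an added example, not part of the original thread and not HijackThis code: it parses lines in HijackThis's log format, ranks these entry types, and cross-references CLSIDs across the O21/O22 sections. The sample log embedded in it is constructed from lines copied from the two posts above. The "generated name" test (an eight-letter stem that strictly alternates consonants and vowels) is a heuristic assumed for this example, not a published signature.

```python
"""Triage of HijackThis log lines (added example; not HijackThis code)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the two HijackThis logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O20 - AppInit_DLLs: c:\windows\system32\rotirufe.dll,C:\windows\system32\dovamewo.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\SYSTEM32\ROTIRUFE.DLL (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\SYSTEM32\ROTIRUFE.DLL (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
"""

VOWELS = set("aeiou")
MISSING_TAGS = ("(file missing)", "(no file)")
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "low"
    item: str
    reason: str


def looks_generated(filename: str) -> bool:
    """Heuristic assumed for this example (not a published signature): an
    8-letter alphabetic stem that strictly alternates consonant and vowel,
    like rotirufe or dovamewo, is typical of machine-generated names."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    return all((a in VOWELS) != (b in VOWELS) for a, b in zip(stem, stem[1:]))


def clean_path(field: str) -> str:
    """Drop HijackThis's '(file missing)' / '(no file)' annotations."""
    for tag in MISSING_TAGS:
        field = field.replace(tag, "")
    return field.strip()


def basename(path: str) -> str:
    return clean_path(path).replace("/", "\\").split("\\")[-1]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    clsid_sections: dict[str, set[str]] = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = any(tag in body for tag in MISSING_TAGS)
        target = clean_path(body.split(" - ")[-1])  # last field is the file path
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is mapped into each process that loads user32.dll.
            for dll in body[len("AppInit_DLLs:"):].split(","):
                dll = dll.strip()
                if not dll:
                    continue
                reason = "AppInit_DLLs entry, loaded into every user32 process"
                if looks_generated(basename(dll)):
                    reason += "; file name looks generated"
                findings.append(Finding(section, "high", dll, reason))
        elif section in ("O21", "O22"):
            # SSODL / SharedTaskScheduler: COM objects the shell loads, keyed by CLSID.
            clsid = CLSID_RE.search(body)
            if clsid:
                clsid_sections[clsid.group(0).upper()].add(section)
            generated = looks_generated(basename(target))
            reason = "shell autostart COM object"
            if generated:
                reason += "; file name looks generated"
            if missing:
                reason += "; registration outlives the file"
            findings.append(Finding(section, "high" if generated else "medium", target, reason))
        elif section == "O2" and missing:
            findings.append(Finding(section, "low", body, "orphaned BHO registration"))
        elif section == "O6":
            findings.append(Finding(section, "medium", body,
                                    "IE/Control Panel policy restriction; fine only if set deliberately"))
        elif section == "O10":
            lsp = body.split(": ", 1)[-1]
            findings.append(Finding(section, "low", lsp,
                                    "Winsock LSP unknown to HijackThis; check the file's signer before touching the chain"))
        elif section == "O23" and missing:
            findings.append(Finding(section, "low", target, "service whose binary is gone; orphaned entry"))
    # A CLSID registered in more than one shell autostart location is one component
    # with two ways back in; the '(file missing)' tag does not make it harmless.
    for clsid, sections in clsid_sections.items():
        if len(sections) > 1:
            findings.append(Finding("/".join(sorted(sections)), "high", clsid,
                                    "same CLSID registered in more than one shell autostart location"))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f.severity])  # stable: keeps log order within a level
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section:<7} {f.item}\n         {f.reason}")
```

Run stand-alone it prints the findings ranked by severity, with the two AppInit DLLs, the SSODL/SharedTaskScheduler entries and their shared CLSID at the top. The name heuristic is a prompt to look, not a verdict: an ordinary word with the same letter pattern ("database.dll") trips it too, so a hit means checking the file's signer, creation time and a second opinion from a scanner, and the "(file missing)" entries still need their registry keys removed rather than ignored because the DLL is gone.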

    #5  Moderator JohnB151 (The Netherlands, joined Mar 2009, 950 posts)

    Hi,

    There are certainly some infections on your system, so let's try and cure them first.

    You aren't running firewall software. Please download and install one first!

    Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:
    • If you are not using Windows XP or Vista, but an older version, I recommend that you use a firewall.
    • If you are using Windows XP or Vista, but are on dial-up, I recommend that you use a firewall.
    • If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and in choosing whether to allow or disallow things, I recommend that you use Windows Firewall.
    • If you are using Windows XP or Vista, are using broadband and are experienced, I recommend that you disable Windows Firewall (as it is not perfect) and get a third-party firewall.


    Here are some firewalls that are free for personal use and widely used:
    Kerio Personal Firewall (Free version after 30 days)
    Online Armor Free

    Or you could buy their paid version online or in a shop nearby:
    Kerio Personal Firewall (Continue paid version after 30 days)
    Online Armor or Online Armor AV+ with Anti-Virus included

    Once you have done this, we can begin with the fix.

    Please visit this webpage for download links, and instructions for running the tool:
    A guide and tutorial on using ComboFix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Follow the ComboFix guide; when ComboFix opens its log, please post it together with a new HijackThis log.

    Also let me know whether you know anything about restrictions in Internet Explorer or the Control Panel. In your log there were some signs of restrictions set on your system, so if you did not do it yourself, or if it was not done by the person who owns the computer (parents/boss, for instance), the restrictions can be deleted. Please let me know.

    Regards,
    John.

    #6  Member (joined Apr 2009, 29 posts)

    ComboFix results

    ComboFix 09-04-25.03 - Danny 04/24/2009 18:12.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2321 [GMT -4:00]
    Running from: c:\documents and settings\Danny\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\epowemot.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
    .

    2009-04-23 17:37 . 2009-04-23 17:37 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
    2009-04-23 17:36 . 2009-04-23 17:36 -------- d-----w c:\documents and settings\Danny\Local Settings\Application Data\NVIDIA Corporation
    2009-04-23 00:07 . 2009-04-23 00:07 -------- d-----w c:\documents and settings\Danny\Application Data\PlayFirst
    2009-04-23 00:07 . 2009-04-23 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2009-04-22 23:24 . 2009-04-22 23:29 29 ----a-w c:\windows\popcinfo.dat
    2009-04-22 23:19 . 2009-04-22 23:19 1725 ----a-w c:\windows\carax95.ini
    2009-04-22 22:43 . 2009-04-22 22:43 -------- d-sh--w c:\windows\ftpcache
    2009-04-22 22:38 . 2009-04-22 22:38 -------- d-----w c:\documents and settings\Danny\Application Data\Taito Legends
    2009-04-22 00:17 . 2009-04-22 00:17 -------- d--h--r c:\documents and settings\Danny\Application Data\SecuROM
    2009-04-22 00:13 . 2009-04-22 00:13 -------- d-----w c:\documents and settings\Danny\Application Data\Leadertech
    2009-04-21 23:49 . 2009-04-21 23:49 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2009-04-21 23:48 . 2006-01-06 14:10 7548 ----a-w c:\windows\system32\drivers\Samhid.sys
    2009-04-21 23:48 . 2006-01-04 20:39 77824 ----a-w c:\windows\system32\FDRdriver.dll
    2009-04-21 23:48 . 2007-06-14 19:38 487424 ----a-w c:\windows\system32\FDRpage.dll
    2009-04-21 23:48 . 2007-06-08 14:59 204800 ----a-w c:\windows\system32\CreateDir.exe
    2009-04-18 22:39 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-18 22:39 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-16 07:02 . 2009-04-16 07:02 127 ----a-w c:\windows\system32\MRT.INI
    2009-04-16 07:02 . 2009-04-16 07:02 -------- d-----w c:\windows\system32\MpEngineStore
    2009-04-16 07:00 . 2009-04-16 07:02 1374 ----a-w c:\windows\imsins.BAK
    2009-04-16 06:21 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 06:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 06:21 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-16 06:18 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 06:18 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 06:18 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 06:18 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 06:18 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-16 06:18 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 06:18 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 06:18 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 06:18 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-12 18:43 . 2009-04-22 22:29 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-04-12 18:43 . 2009-04-12 18:43 22328 ----a-w c:\documents and settings\Danny\Application Data\PnkBstrK.sys
    2009-04-12 18:43 . 2009-04-22 22:29 183112 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-04-12 18:43 . 2009-04-22 00:17 66872 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-04-12 17:44 . 2009-04-12 17:44 -------- d-----w c:\documents and settings\Danny\Local Settings\Application Data\Electronic Arts
    2009-04-12 17:41 . 2009-04-12 17:41 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w C:\ProgramData
    2009-04-12 17:40 . 2009-04-12 17:40 2784 ----a-w c:\windows\system32\ealregsnapshot1.reg
    2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w c:\documents and settings\Danny\Local Settings\Application Data\Downloaded Installations
    2009-04-12 06:34 . 2009-04-12 06:34 4212 ---ha-w c:\windows\system32\zllictbl.dat
    2009-04-12 06:33 . 2009-04-12 16:50 -------- d-----w c:\windows\Internet Logs
    2009-04-11 11:46 . 2009-02-24 19:35 129784 ------w c:\windows\system32\pxafs.dll
    2009-04-11 11:46 . 2009-02-24 19:35 120056 ------w c:\windows\system32\pxcpyi64.exe
    2009-04-11 11:46 . 2009-02-24 19:35 118520 ------w c:\windows\system32\pxinsi64.exe
    2009-04-11 08:13 . 2009-04-11 08:13 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
    2009-04-11 08:11 . 2009-04-11 08:11 -------- d-sh--w c:\documents and settings\Danny\IETldCache
    2009-04-11 08:09 . 2009-04-11 08:32 -------- d-----w c:\windows\ie8updates
    2009-04-11 08:09 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-04-11 08:07 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
    2009-04-11 00:51 . 2009-04-11 00:51 -------- d-----w c:\documents and settings\Danny\Application Data\Yahoo!
    2009-04-10 23:59 . 2009-04-10 23:59 10520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-04-10 23:59 . 2009-04-10 23:59 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-04-10 23:59 . 2009-04-24 12:15 -------- d-----w c:\windows\system32\drivers\Avg
    2009-04-10 23:59 . 2009-04-12 17:23 -------- d-----w c:\documents and settings\Danny\Application Data\AVGTOOLBAR
    2009-04-10 23:59 . 2009-04-10 23:59 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-04-10 23:04 . 2009-04-10 23:04 -------- d-----w C:\HJT
    2009-04-10 17:33 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
    2009-04-10 17:02 . 2009-04-10 17:07 -------- d-----w C:\IE-SPYAD
    2009-04-10 16:05 . 2009-04-10 16:05 -------- d-----w c:\documents and settings\Danny\Application Data\Malwarebytes
    2009-04-10 16:05 . 2009-04-10 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-10 15:53 . 2009-04-10 15:57 -------- d-----w c:\windows\SxsCaPendDel
    2009-04-10 14:40 . 2009-04-10 14:40 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-04-10 14:40 . 2009-04-18 21:52 -------- d-----w c:\documents and settings\Danny\Application Data\SUPERAntiSpyware.com
    2009-04-10 14:31 . 2009-04-10 14:37 159 ----a-w c:\windows\wininit.ini
    2009-04-09 06:49 . 2009-04-09 06:50 -------- d-----w c:\windows\system32\Adobe
    2009-04-03 03:29 . 2009-04-12 16:59 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-31 20:36 . 2009-04-01 01:27 -------- d-----w c:\documents and settings\Danny\Application Data\Move Networks
    2009-03-31 20:22 . 2009-03-31 20:22 8192 ----a-w C:\mtwb.dat
    2009-03-31 18:05 . 2009-03-31 18:06 754 ----a-w c:\windows\WORDPAD.INI
    2009-03-29 03:14 . 2009-04-10 22:57 0 ----a-w c:\documents and settings\Danny\Local Settings\Application Data\prvlcl.dat
    2009-03-27 06:21 . 2009-03-27 06:21 -------- d-----w c:\documents and settings\Danny\Application Data\vghd
    2009-03-27 05:31 . 2001-08-18 02:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
    2009-03-27 05:31 . 2001-08-18 02:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
    2009-03-27 05:31 . 2001-08-18 02:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
    2009-03-27 05:31 . 2001-08-18 02:36 8192 ----a-w c:\windows\system32\kbdkor.dll
    2009-03-27 05:31 . 2001-08-17 18:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
    2009-03-27 05:31 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101c.dll
    2009-03-27 05:31 . 2001-08-17 18:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
    2009-03-27 05:31 . 2001-08-17 18:55 5632 ----a-w c:\windows\system32\kbd103.dll
    2009-03-27 05:31 . 2008-04-13 23:09 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
    2009-03-27 05:31 . 2008-04-13 23:09 6144 ----a-w c:\windows\system32\kbd106.dll
    2009-03-27 05:31 . 2001-08-17 18:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
    2009-03-27 05:31 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101b.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-24 22:14 . 2009-03-19 15:38 -------- d-----w c:\program files\DNA
    2009-04-24 22:14 . 2009-03-19 15:38 -------- d-----w c:\documents and settings\Danny\Application Data\DNA
    2009-04-24 22:03 . 2009-01-16 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-04-24 21:38 . 2009-03-19 15:39 -------- d-----w c:\documents and settings\Danny\Application Data\BitTorrent
    2009-04-24 02:48 . 2009-04-22 08:42 246180 ----a-w C:\drivertimer.txt
    2009-04-23 17:39 . 2009-01-16 13:57 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-23 17:39 . 2009-01-16 13:57 -------- d-----w c:\program files\AGEIA Technologies
    2009-04-23 17:38 . 2009-01-16 13:58 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-23 17:38 . 2009-01-16 13:58 -------- d-----w c:\program files\NVIDIA Corporation
    2009-04-22 05:25 . 2009-03-11 22:26 -------- d-----w c:\program files\9Dragons
    2009-04-22 00:01 . 2009-04-22 00:01 -------- d-----w c:\program files\EA Games
    2009-04-21 23:48 . 2009-04-21 23:48 -------- d-----w c:\program files\PHILIPS
    2009-04-20 02:21 . 2009-01-16 15:38 -------- d-----w c:\documents and settings\Danny\Application Data\LimeWire
    2009-04-18 22:39 . 2009-04-18 22:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-18 21:52 . 2009-04-10 14:40 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-17 02:55 . 2009-04-13 16:09 -------- d-----w c:\program files\PokerStars
    2009-04-14 20:56 . 2009-01-16 14:51 -------- d-----w c:\program files\Google
    2009-04-14 13:30 . 2009-04-13 03:27 -------- d-----w c:\program files\PokerStars.NET
    2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w c:\program files\Electronic Arts
    2009-04-12 17:40 . 2009-01-16 17:23 -------- d-----w c:\program files\Common Files\InstallShield
    2009-04-12 16:50 . 2009-04-11 00:51 -------- d-----w c:\program files\Yahoo!
    2009-04-12 16:50 . 2009-03-17 06:05 -------- d-----w c:\program files\Trojan Remover
    2009-04-12 07:05 . 2009-01-20 07:39 -------- d-----w c:\documents and settings\Danny\Application Data\Winamp
    2009-04-12 06:51 . 2009-03-11 19:16 -------- d-----w c:\program files\Pando Networks
    2009-04-12 06:34 . 2009-04-12 06:34 -------- d-----w c:\program files\Zone Labs
    2009-04-12 05:43 . 2009-01-16 17:35 -------- d-----w c:\documents and settings\Danny\Application Data\Azureus
    2009-04-11 11:47 . 2009-01-18 22:04 -------- d-----w c:\documents and settings\Danny\Application Data\DivX
    2009-04-11 11:46 . 2009-04-02 09:16 -------- d-----w c:\program files\DivX
    2009-04-11 11:45 . 2009-04-11 11:41 -------- d-----w c:\program files\Common Files\DivX Shared
    2009-04-11 09:00 . 2009-01-16 14:52 -------- d-----w c:\program files\Vuze
    2009-04-11 00:01 . 2009-01-16 16:29 13664 ----a-w c:\documents and settings\Danny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-10 23:38 . 2009-03-17 06:05 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-10 17:17 . 2009-04-10 17:17 -------- d-----w c:\program files\Trend Micro
    2009-03-30 20:53 . 2009-03-30 20:53 -------- d-----w c:\program files\Fast Browser SearchP
    2009-03-29 05:35 . 2009-03-29 05:35 -------- d-----w c:\program files\Common Files\DirectX
    2009-03-29 00:04 . 2009-03-29 00:04 -------- d-----w c:\program files\AVG
    2009-03-27 04:28 . 2009-03-21 20:40 -------- d-----w c:\program files\MySpace
    2009-03-21 20:40 . 2009-03-21 20:40 -------- d-----w c:\documents and settings\Danny\Application Data\MySpace
    2009-03-19 15:38 . 2009-03-19 15:38 -------- d-----w c:\program files\BitTorrent
    2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
    2009-03-19 06:18 . 2009-03-19 06:18 -------- d-----w c:\program files\WinPcap
    2009-03-17 06:17 . 2009-01-16 15:03 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-17 06:17 . 2009-01-16 14:28 -------- d-----w c:\program files\Java
    2009-03-17 06:05 . 2009-03-17 06:05 -------- d-----w c:\documents and settings\Danny\Application Data\Simply Super Software
    2009-03-11 23:43 . 2009-03-11 23:43 -------- d-----w c:\program files\Common Files\INCA Shared
    2009-03-11 19:17 . 2009-03-11 19:17 204 ----a-w C:\Plugins
    2009-03-09 17:44 . 2009-01-16 14:23 -------- d-----w c:\documents and settings\Mike\Application Data\BitTorrent
    2009-03-06 14:22 . 2008-02-11 03:12 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2008-02-11 03:14 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-27 17:43 . 2009-01-16 14:59 -------- d-----w c:\program files\Microsoft Silverlight
    2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
    2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
    2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
    2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
    2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
    2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
    2009-02-09 12:10 . 2008-02-11 03:11 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2008-02-11 03:12 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2008-02-11 03:12 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2008-02-11 03:09 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2008-02-11 03:13 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-06 11:11 . 2008-02-11 03:12 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:06 . 2008-02-11 03:12 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2008-02-11 03:12 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 19:59 . 2008-02-11 03:12 56832 ----a-w c:\windows\system32\secur32.dll
    2009-01-16 14:52 . 2009-01-16 14:52 12328 ----a-w c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    [-] 2009-01-16 13:56 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\$NtServicePackUninstall$\winlogon.exe
    [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2009-01-16 23:09 507904 679A7259741F6A09994F02CE261B5F2E c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-19 321344]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-12 16859136]

    c:\documents and settings\Mike\Start Menu\Programs\Startup\
    DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-1-18 357712]

    c:\documents and settings\Danny\Start Menu\Programs\Startup\
    Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-22 4369408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-04-10 23:59 10520 ----a-w c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "e:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "d:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "d:\\Program Files\\Dead Space\\Dead Space.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    R2 gupdate1c9a2721f672196;Google Update Service (gupdate1c9a2721f672196);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 133104]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-22 2839290]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
    S1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-01-16 78848]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
    S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2006-01-06 7548]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cfdd0e5-e3d2-11dd-956b-92fb5d3e4d3a}]
    \Shell\AutoRun\command - M:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:52]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-ASRock OC Tuner - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-24 18:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-682003330-2052111302-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:85,09,4f,cb,b5,d0,91,f8,fc,97,4c,24,ae,10,27,45,e0,fc,5f,ce,81,
    d7,6d,99,cc,87,94,84,e8,9c,52,1e,67,87,93,60,15,66,9c,32,aa,9e,51,b2,62,97,\
    "rkeysecu"=hex:43,4d,8b,2e,d9,0c,07,cb,13,73,da,7d,c2,59,8f,70
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(752)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\documents and settings\Danny\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

    - - - - - - - > 'lsass.exe'(808)
    c:\windows\system32\nvLsp.dll

    - - - - - - - > 'explorer.exe'(3552)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-24 18:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-24 22:17

    Pre-Run: 17,547,341,824 bytes free
    Post-Run: 18,069,438,464 bytes free

    304 --- E O F --- 2009-04-16 07:02
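    The Sigcheck block in the ComboFix log above lists three copies of winlogon.exe with three different MD5s. The script below is an added example (not ComboFix's own code and not from anyone in this thread) showing how a log helper can parse that block and compare the live copy under system32 against the service-pack reference under ServicePackFiles\i386. The sample input is copied from the log above; reading the `[7]` and `[-]` markers as "verified" and "not verified" is an assumption made here, not something the log itself states.

```python
"""Triage helper for the ComboFix 'Sigcheck' section (added example, not part of ComboFix).

ComboFix lists protected system files with a marker, timestamp, size, MD5 and path.
The copy under ServicePackFiles\i386 is the service-pack reference; this script compares
the live copy under system32 against it. Reading '[7]' as 'catalog-verified' and '[-]'
as 'not verified' is an assumption made in this example, not documented by the log.
"""
import re
from collections import defaultdict

# Constructed sample input: the three winlogon.exe lines copied from the log above.
SIGCHECK_SAMPLE = r"""
[-] 2009-01-16 13:56 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2009-01-16 23:09 507904 679A7259741F6A09994F02CE261B5F2E c:\windows\system32\winlogon.exe
"""

LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+?)\s*$"
)


def classify(path):
    """Map a path to its role: 'reference' (SP cache), 'backup' (pre-SP copy), 'live' or 'other'."""
    parts = path.lower().split("\\")
    if "servicepackfiles" in parts:
        return "reference"
    if "$ntservicepackuninstall$" in parts:
        return "backup"
    if "system32" in parts:
        return "live"
    return "other"


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["role"] = classify(e["path"])
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def find_sigcheck_anomalies(text):
    """Return live copies whose MD5 differs from the service-pack reference of the same file name."""
    by_name = defaultdict(list)
    for e in parse_sigcheck(text):
        by_name[e["name"]].append(e)
    anomalies = []
    for name, copies in by_name.items():
        refs = [c for c in copies if c["role"] == "reference"]
        if not refs:
            continue  # nothing to compare against; a human has to decide
        ref = refs[0]
        for c in copies:
            if c["role"] != "live" or c["md5"] == ref["md5"]:
                continue
            anomalies.append({
                "path": c["path"],
                "live_md5": c["md5"],
                "reference_md5": ref["md5"],
                # same size but a different hash is the pattern worth a second look:
                # either a newer hotfix build or an in-place modification
                "same_size": c["size"] == ref["size"],
                "unverified": c["flag"].strip() == "-",  # assumption: '-' means not verified
            })
    return anomalies


if __name__ == "__main__":
    for a in find_sigcheck_anomalies(SIGCHECK_SAMPLE):
        print(f"{a['path']}: live {a['live_md5']} != reference {a['reference_md5']}"
              f" (same size: {a['same_size']}, unverified: {a['unverified']})")
```

    Run as-is it reports the system32 winlogon.exe from the log above, because its MD5 differs from the ServicePackFiles copy while the size is identical. That is a lead, not a verdict: a later Microsoft hotfix legitimately replaces winlogon.exe with a newer build, so the next step is to check the live file's version and hash against the vendor's update catalog or a multi-engine scan before treating it as tampered.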

  7. #7 (Member)

    new hijackthis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:27:58 PM, on 4/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\windows\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232117994375
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update Service (gupdate1c9a2721f672196) (gupdate1c9a2721f672196) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

    --
    End of file - 7610 bytes
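    Every line in a HijackThis log starts with a section code (O2 browser helper objects, O4 autoruns, O6 Internet Explorer policy restrictions, O10 Winsock LSPs, O16 ActiveX downloads, O23 services, and so on), which makes the log easy to triage mechanically. The script below is an added example (not HijackThis code and not from anyone in this thread) that groups a log's lines and pulls out the patterns a helper looks at first: orphaned "(no file)" and "(file missing)" entries, the O6 restriction line the moderator asked about, repeated LSP entries, and ActiveX downloads from hosts outside a small allowlist. The sample input is a subset of lines copied from the log above; the `TRUSTED_DPF_HOSTS` allowlist is an assumption made for the example.

```python
"""Triage helper for a HijackThis v2 log (added example; not part of HijackThis).

Groups log lines by section code and extracts the entries a log helper reviews first.
The TRUSTED_DPF_HOSTS allowlist is an assumption made for this example.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the HijackThis log above.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2})\s+-\s+(?P<body>.*)$")
# Hosts from which ActiveX (DPF) downloads are treated as expected here (assumption).
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")


def parse_hjt(text):
    """Return (code, body) tuples for every HijackThis entry line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out


def _host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(text):
    """Group entries into the buckets a log helper reviews first."""
    findings = defaultdict(list)
    lsp_paths = Counter()
    for code, body in parse_hjt(text):
        if code == "O2" and body.endswith("(no file)"):
            findings["orphaned_bho"].append(body)          # leftover registration, file gone
        elif code == "O23" and body.endswith("(file missing)"):
            findings["orphaned_service"].append(body)      # service points at a missing binary
        elif code == "O6":
            # IE policy keys present: set by an administrator, or by something unwanted
            findings["ie_restrictions"].append(body)
        elif code == "O10":
            # the path follows 'LSP:'; do not split on the last colon, 'c:' contains one
            lsp_paths[body.partition("LSP:")[2].strip().lower()] += 1
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if not _host_trusted(url):
                findings["activex_review"].append(url)
        elif code == "O4":
            findings["autoruns"].append(body)
    # one LSP entry per unique DLL, with how many times the Winsock chain references it
    for path, n in lsp_paths.items():
        findings["winsock_lsp"].append({"path": path, "occurrences": n})
    return dict(findings)


if __name__ == "__main__":
    for bucket, items in triage(HJT_SAMPLE).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

    On the sample it separates the two orphaned entries (the nameless BHO and the GameGuard service whose binary is missing) from the O6 restriction line, counts the nvlsp.dll LSP references instead of listing the same DLL four times, and puts only the non-Microsoft ActiveX download in the review bucket. The buckets are a reading aid for the helper; the decision about each entry still rests with the person who knows what was installed on purpose.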

  8. #8 (Member)

    I also looked for restrictions.....

    but I don't even know where to begin to look... sadly, I am computer illiterate.. lol. Can you help me?

  9. #9
    Forum Moderator JohnB151

    Hi,

    but I don't even know where to begin to look... sadly, I am computer illiterate.. lol. Can you help me?
    Hehe, the only thing that you have to do after posting your logs is to return to what you normally do and come back when I post the next instructions.

    I went through both logs and noted a couple of things that were strange.

    We have a policy here at Help2Go of not giving assistance to those using P2P (torrent) programs for a couple of reasons. First, we cannot support the downloading of pirated material as you are actually stealing someone else's property! Second, downloading from P2P sites is the easiest way to be infected with malware.

    There's little point in our experts spending their valuable time helping to clean your machine if continued use of P2P software means you get infected over and over again. Please remove all your P2P software:
    • Click Start
    • Go to Control Panel
    • Go to Add/Remove Programs
    • Find and click Remove for the following (if present):

      Azureus
      BitTorrent
      BitTorrent DNA (or just DNA)
      LimeWire


    Step 1: Upload malware for scanning
    I'd like you to check a file/some files for malware.

    c:\windows\carax95.ini
    c:\windows\imsins.BAK
    c:\windows\system32\MRT.INI
    • Copy/Paste the first file on the list into the white Upload a file box.
    • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programs.
    • After a while, a window will open, with details of what the scans found.
    • Save the complete results in a Notepad/Word document on your desktop.
    • Repeat for all files on the list.


    Step 2: Download and Run ComboFix
    Before running ComboFix again please delete the existing copy from your desktop so you can download and run the latest version. Make sure ComboFix.exe is gone from your desktop before going on with the next bit of instruction.

    Please visit this webpage for download links, and instructions for running the tool:
    A guide and tutorial on using ComboFix

    Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti-virus program please see this:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Go on with the ComboFix guide. Please let ComboFix install Recovery Console as it could help you save important documents in case your system becomes unbootable in the future.

    When ComboFix opens its log please keep it open to post it back to me.

    Step 3: Post logs
    Please post the following logs in a reply to this topic (use multiple posts if needed):
    • New HijackThis log
    • All VirusTotal/Jotti results
    • ComboFix log


    Regards,
    John.
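Triage of the O23 service entries quoted at the top of this page, as an added example that is not part of this thread or of HijackThis itself: it parses the O23 lines into records and flags the ones a helper would look at first (an "Unknown owner" entry such as PnkBstrA, or a third-party binary sitting in system32). The function names, the MICROSOFT_OWNERS set and the heuristics are the editor's assumptions; flagged entries are candidates for a manual look, not confirmed malware.

```python
import re
from dataclasses import dataclass
# Constructed input: the O23 service lines copied from the HijackThis log in this thread.
O23_LINES = r"""
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
"""

# "O23 - Service: <display> (<short name>) - <owner> - <path>"; the short name is optional.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
                    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

@dataclass
class Service:
    display: str  # name shown in services.msc
    name: str     # short service name (display name when HijackThis printed none)
    owner: str    # vendor read from the binary, or "Unknown owner"
    path: str

def parse_o23(log_text):
    """Turn every O23 line of a HijackThis log into a Service record."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(Service(m["display"], m["name"] or m["display"],
                                    m["owner"], m["path"]))
    return services

MICROSOFT_OWNERS = {"microsoft corporation", "microsoft"}  # assumed vendor strings

def triage(services, windir=r"C:\windows"):
    """Return {short name: [reasons]} for services that deserve a manual look.
    These heuristics are the editor's; they flag candidates, not confirmed malware."""
    sys32 = (windir + "\\system32\\").lower()
    flagged = {}
    for s in services:
        owner, path, reasons = s.owner.lower(), s.path.lower(), []
        if owner == "unknown owner":
            reasons.append("no vendor recorded for the service binary")
        if path.startswith(sys32) and owner not in MICROSOFT_OWNERS:
            reasons.append("third-party binary placed in system32")
        if "\\temp\\" in path or "\\documents and settings\\" in path:
            reasons.append("binary runs from a temp or user-profile directory")
        if reasons:
            flagged[s.name] = reasons
    return flagged
```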

  10. #10
    Member
    Join Date
    Apr 2009
    Posts
    29
    Points
    0

    Default virus total for windowscarax 95

    File carax95.ini received on 04.29.2009 23:51:34 (CET)
    Result: 0/40 (0%)
    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.04.29 -
    AhnLab-V3 5.0.0.2 2009.04.29 -
    AntiVir 7.9.0.156 2009.04.29 -
    Antiy-AVL 2.0.3.1 2009.04.29 -
    Authentium 5.1.2.4 2009.04.29 -
    Avast 4.8.1335.0 2009.04.29 -
    AVG 8.5.0.327 2009.04.29 -
    BitDefender 7.2 2009.04.29 -
    CAT-QuickHeal 10.00 2009.04.29 -
    ClamAV 0.94.1 2009.04.29 -
    Comodo 1141 2009.04.29 -
    DrWeb 4.44.0.09170 2009.04.29 -
    eSafe 7.0.17.0 2009.04.27 -
    eTrust-Vet 31.6.6482 2009.04.29 -
    F-Prot 4.4.4.56 2009.04.29 -
    F-Secure 8.0.14470.0 2009.04.29 -
    Fortinet 3.117.0.0 2009.04.29 -
    GData 19 2009.04.29 -
    Ikarus T3.1.1.49.0 2009.04.29 -
    K7AntiVirus 7.10.719 2009.04.29 -
    Kaspersky 7.0.0.125 2009.04.29 -
    McAfee 5600 2009.04.29 -
    McAfee+Artemis 5600 2009.04.29 -
    McAfee-GW-Edition 6.7.6 2009.04.29 -
    Microsoft 1.4602 2009.04.29 -
    NOD32 4043 2009.04.29 -
    Norman 6.01.05 2009.04.29 -
    nProtect 2009.1.8.0 2009.04.29 -
    Panda 10.0.0.14 2009.04.29 -
    PCTools 4.4.2.0 2009.04.29 -
    Prevx1 3.0 2009.04.29 -
    Rising 21.27.22.00 2009.04.29 -
    Sophos 4.41.0 2009.04.29 -
    Sunbelt 3.2.1858.2 2009.04.29 -
    Symantec 1.4.4.12 2009.04.29 -
    TheHacker 6.3.4.1.317 2009.04.29 -
    TrendMicro 8.950.0.1092 2009.04.29 -
    VBA32 3.12.10.3 2009.04.29 -
    ViRobot 2009.4.29.1715 2009.04.29 -
    VirusBuster 4.6.5.0 2009.04.29 -
    Additional information
    File size: 1725 bytes
    MD5...: a4a76a16494ffad9c473b0ae20155fe8
    SHA1..: 7e2562127b73f92939f50b4ed49f2465536a9000
    SHA256: 3758857ddbdf8c0acb28e3429a11fa2245b4727c361903415c770308dca51e33
    SHA512: 44fd6f7845a6ac4c6dfbd58f83fa8cef6f36841a1d67cf19198388d91e931d56e8e8989bef8077283b7824450c3f5ef648084da175b613ecdd0304d796d85ae8
    ssdeep: 48:gxfwtDe2kHsHkOrQNnaS0dMrwYxCPqxux2d2p:PR/rhjP7
    PEiD..: -
    TrID..: File type identification
    Generic INI configuration (100.0%)
    PEInfo: -
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
