Page 1 of 3 123 LastLast
Results 1 to 10 of 29
  1. #1
    Member
    Join Date
    Sep 2006
    Location
    NYC
    Posts
    495
    Points
    3

    Default HJT log please help

    please help, internet connection fades fast every time,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:38:33 AM, on 6/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    F3 - REG:win.ini: run="C:\Documents and Settings\Mars6d\Application Data\Adobe\Manager.exe"
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\Download Manager\XEBDLHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ditidavura] Rundll32.exe "C:\WINDOWS\system32\wimisavi.dll",s
    O4 - HKLM\..\Run: [CPM008ca0ca] Rundll32.exe "c:\windows\system32\busutuga.dll",a
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TCOYFReminder] C:\PROGRA~1\TCOYF\tcoyftray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
    O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_6_2/controls/YBUICtrl.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\himepepu.dll c:\windows\system32\busutuga.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\busutuga.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\busutuga.dll (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10176 bytes

  2. #2
    Member
    Join Date
    Sep 2006
    Location
    NYC
    Posts
    495
    Points
    3

    Default

    had to spit that out fast before i get kicked offline again,

    please help,

    thanks,

  3. #3
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    951
    Points
    38

    Default

    Hi and welcome to the Help2Go forums.
    My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

    HijackThis logs can take some time to research, so please be patient with me. I know that you need
    your computer working as quickly as possible, and I will work hard to help see that happens.

    These rules are good for you to know:

    • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me how long it will take so the topic will not be closed.



    These rules are to make my voluntary work more comfortable:

    • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • Please reply to this thread. Do not start a new topic.
    • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.



    Finally, please make a uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    • Start HijackThis
    • Click on the Open The Misc Tool Section button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic.



    Regards,
    John.

  4. #4
    Member
    Join Date
    Sep 2006
    Location
    NYC
    Posts
    495
    Points
    3

    Default

    Thanks very much John.

    Got to go now but very much looking forward to trying your instructions.

    Larry

  5. #5
    Member
    Join Date
    Sep 2006
    Location
    NYC
    Posts
    495
    Points
    3

    Default

    1Click DVD Copy 5.4.1.6
    Ad-Aware
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Media Player
    Adobe Photoshop 7.0
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    AOL Instant Messenger
    DesignWorkshop Lite
    DVD Photo Slideshow 3.02
    EVEREST Home Edition v1.51
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB939209)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Deskjet Preloaded Printer Drivers
    HP Software Update
    HP Software Update
    HP Solution Center 7.0
    Intel(R) Extreme Graphics 2 Driver
    InterVideo WinDVD
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 7.0
    Monopoly
    Monopoly by Parker Brothers
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Nero 7 Essentials
    neroxml
    Opera 9.64
    PowerDVD
    QuickTime
    RealArcade
    RealPlayer
    SAMSUNG CDMA Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Sonic RecordNow!
    Sonic Update Manager
    Synaptics Pointing Device Driver
    Trillian
    Uninstall Crystal FTP Pro
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Defender
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Messenger

  6. #6
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    951
    Points
    38

    Default

    Hi Larry,

    You have an infection, so that is probably causing the connection problems. It may take a couple of tries before we totally got rid of it.

    You aren't running Anti Virus and Firewall Software. Please download and install one of them first!!!

    Use Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here are some Anti Virus products which are free for personal use and most used:
    AntiVir
    Avast

    Here are some really good paid programs which you can buy online or in a shop nearby:
    ESET NOD32
    Kaspersky Anti-Virus or Kaspersky Internet Security with Firewall included

    Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

    Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:

    • If you are not using Windows XP or Vista, but an older version I recommend you to use a firewall.
    • If you are using Windows XP or Vista, but are on dial-up I recommend you to use a firewall.
    • If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and getting the choice to allow or disallow things I recommend you to use Windows Firewall.
    • If you are using Windows XP or Vista, are using broadband and experienced, I recommend you to disable Windows Firewall (as it is not perfect) and get a third-party firewall.



    Here are some firewalls which are free for personal use and most used:
    Kerio Personal Firewall (Free version after 30 days)
    Online Armor Free

    Or you could buy their paid version online or in a shop nearby:
    Kerio Personal Firewall (Continue paid version after 30 days)
    Online Armor or Online Armor AV+ with Anti-Virus included

    As you did this, we can begin with the fix.

    Step 1: Disable Windows Defender
    Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:

    • Open Windows Defender
    • Click Tools
    • Click General Settings
    • Scroll down to Real Time Protection Options
    • Uncheck Turn on Real Time Protection (recommended)
    • Click Save
    • Close Windows Defender
    • Reboot your machine for the changes to take effect.


    Once your log is clean you can re-enable Windows Defender Real Time Protection.

    Step 2: Download and Run ComboFix
    Please visit this webpage for download links, and instructions for running the tool:
    A guide and tutorial on using ComboFix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    If you have Avast as anti virus an additional thing has to be changed to make ComboFix work properly:


    Go on with the ComboFix guide when it opens its log please post it together with a new HijackThis log.

    Remember that the ComboFix log is saved here: C:\ComboFix.txt

    Regards,
    John.

  7. #7
    Member
    Join Date
    Sep 2006
    Location
    NYC
    Posts
    495
    Points
    3

    Default

    okay, here they are, ( i still get kicked offline in about 5 minutes )

    ComboFix 09-06-09.06 - Mars6d 06/10/2009 1:19.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.152 [GMT -4:00]
    Running from: c:\documents and settings\Mars6d\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\Application Data\twain_32
    c:\documents and settings\LocalService\Application Data\twain_32\user.ds
    c:\documents and settings\Mars6d\Application Data\Adobe\crc.dat
    c:\documents and settings\Mars6d\Application Data\inst.exe
    c:\documents and settings\Mars6d\Application Data\twain_32
    c:\documents and settings\Mars6d\Application Data\twain_32\user.ds
    c:\documents and settings\NetworkService\Application Data\twain_32
    c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
    c:\windows\system32\okupogul.ini
    c:\windows\system32\twain_32
    c:\windows\system32\twain_32\local.ds
    c:\windows\system32\twain_32\user.ds
    c:\windows\system32\twain_32\user.ds.cla
    c:\windows\system32\twext.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
    .

    2009-06-10 02:29 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-10 02:29 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-10 02:27 . 2009-06-10 02:27 -------- d-sh--w- c:\documents and settings\Mars6d\IECompatCache
    2009-06-08 07:48 . 2009-06-08 07:48 -------- d-----w- c:\windows\ie8updates
    2009-06-08 07:46 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-06-07 20:47 . 2009-06-07 20:47 -------- d-----w- c:\windows\system32\XPSViewer
    2009-06-07 20:47 . 2009-06-07 20:47 -------- d-----w- c:\program files\MSBuild
    2009-06-07 20:46 . 2009-06-07 20:46 -------- d-----w- c:\program files\Reference Assemblies
    2009-06-07 20:45 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-06-07 20:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-06-07 20:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-06-07 20:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-06-07 20:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-06-07 20:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-06-07 20:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-06-07 20:45 . 2009-06-07 20:46 -------- d-----w- C:\8be5430b18e6e384b453b18c
    2009-06-07 20:33 . 2009-06-07 20:36 -------- dc-h--w- c:\windows\ie8
    2009-06-07 20:11 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2009-06-07 20:11 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2009-06-07 20:11 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2009-06-07 20:11 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2009-06-07 20:11 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2009-06-07 20:11 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-06-07 20:11 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-06-07 20:11 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-07 20:11 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2009-06-07 20:11 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
    2009-06-07 20:10 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-06-07 20:10 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2009-06-05 04:38 . 2009-06-05 04:38 -------- d-----w- c:\documents and settings\Mars6d\Application Data\Uniblue
    2009-06-04 09:09 . 2009-06-04 06:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-04 06:47 . 2009-06-04 06:46 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-04 06:47 . 2009-06-04 06:47 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-06-04 06:44 . 2009-06-04 07:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-04 06:44 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-04 06:44 . 2009-06-04 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-04 06:44 . 2009-06-04 06:44 -------- d-----w- c:\program files\Lavasoft
    2009-06-01 07:12 . 2009-06-01 07:12 -------- d-----w- c:\documents and settings\Mars6d\Local Settings\Application Data\Symantec
    2009-06-01 07:05 . 2009-06-05 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-06-01 06:58 . 2009-06-01 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-06-01 06:28 . 2009-06-01 08:15 -------- d-----w- c:\documents and settings\Mars6d\Application Data\GetRightToGo
    2009-05-27 06:57 . 2009-05-27 06:57 335 ----a-w- c:\windows\nsreg.dat
    2009-05-27 06:56 . 2009-05-27 06:56 118784 ----a-w- c:\windows\GREUninstall.exe
    2009-05-27 06:56 . 2009-05-27 06:56 8653 ----a-w- c:\windows\mozver.dat
    2009-05-26 04:56 . 2009-05-26 04:56 -------- d-----w- c:\documents and settings\Mars6d\Local Settings\Application Data\Opera
    2009-05-26 04:56 . 2009-05-26 04:56 -------- d-----w- c:\program files\Opera
    2009-05-25 23:20 . 2009-05-25 23:20 -------- d-sh--w- c:\documents and settings\Mars6d\PrivacIE
    2009-05-25 23:18 . 2009-05-25 23:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-05-25 23:18 . 2009-05-25 23:18 -------- d-sh--w- c:\documents and settings\Mars6d\IETldCache
    2009-05-25 03:32 . 2008-04-14 00:12 82432 ----a-w- c:\windows\system32\dllcache\ws2_32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-08 07:58 . 2007-04-23 16:37 45560 ----a-w- c:\documents and settings\Mars6d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-04 05:47 . 2008-03-01 15:43 -------- d-----w- c:\program files\Yahoo!
    2009-06-04 05:46 . 2007-03-13 05:25 -------- d-----w- c:\program files\bdpw6
    2009-06-04 05:40 . 2004-12-27 10:00 -------- d-----w- c:\program files\Google
    2009-06-04 05:39 . 2003-05-04 08:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-04 05:37 . 2008-06-17 03:23 -------- d-----w- c:\program files\CASHFLOW
    2009-06-04 05:32 . 2005-12-18 02:30 -------- d-----w- c:\program files\MSN Games
    2009-06-03 09:23 . 2008-11-20 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
    2009-06-03 08:30 . 2008-12-15 18:30 -------- d-----w- c:\program files\DNA
    2009-06-02 18:05 . 2003-05-04 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-05-25 23:16 . 2008-08-02 05:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-25 03:32 . 2009-05-25 03:32 64000 ----a-w- c:\windows\system32\5F.tmp
    2009-05-24 01:12 . 2009-05-25 14:36 155422 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2009-05-13 05:15 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-13 03:38 . 2008-08-24 04:33 1878984 ----a-w- c:\documents and settings\Mars6d\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-05-08 19:16 . 2003-05-04 08:02 -------- d-----w- c:\program files\HPQ
    2009-05-07 15:32 . 2004-08-04 08:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-06 07:46 . 2009-05-06 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-05-06 07:45 . 2009-05-06 07:45 -------- d-----w- c:\documents and settings\Mars6d\Application Data\Yahoo!
    2009-05-01 08:28 . 2008-12-15 18:30 -------- d-----w- c:\documents and settings\Mars6d\Application Data\BitTorrent
    2009-04-18 00:54 . 2009-04-18 00:54 -------- d-----w- c:\program files\Alwil Software
    2009-04-17 12:26 . 2004-08-04 08:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-08-04 08:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-03-25 10:29 . 2009-03-25 10:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
    2009-03-18 21:55 . 2009-05-06 07:44 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
    2008-03-01 15:45 . 2008-03-01 15:45 774144 ----a-w- c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-04 518488]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-27 113664]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Crystal FTP Pro\\crystalftp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/4/2009 2:47 AM 64160]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [8/20/2006 5:02 PM 16194]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
    S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [6/3/2007 7:48 PM 43024]
    S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [6/3/2007 7:48 PM 77104]
    S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [6/3/2007 8:00 PM 60816]
    S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\DRIVERS\wpn511.sys --> c:\windows\system32\DRIVERS\wpn511.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{DCABB326-2C46-4297-AAE0-05800844CA1F}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-TCOYFReminder - c:\progra~1\TCOYF\tcoyftray.exe
    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKCU-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
    HKLM-Run-ditidavura - c:\windows\system32\wimisavi.dll
    HKLM-Run-CPM008ca0ca - c:\windows\system32\busutuga.dll
    HKLM-Run-WT GameChannel - c:\program files\WildTangent\Apps\GameChannel.exe
    HKLM-Run-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\GameDrvr.exe
    HKLM-Run-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    HKLM-Run-NeroCheck - c:\windows\system32\NeroCheck.exe
    HKLM-Run-eabconfg.cpl - c:\program files\HPQ\Quick Launch Buttons\EabServr.exe
    HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    HKLM-Run-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
    HKLM-Run-AceGain LiveUpdate - c:\program files\AceGain\LiveUpdate\LiveUpdate.exe
    HKLM-Run-CinemaNowMediaManagerApp - (no file)
    HKLM-Run-Device Detector - DevDetect.exe
    SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\busutuga.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - hxxp://racing.youbet.com/wr_6_2/controls/YBUICtrl.cab
    FF - ProfilePath - c:\documents and settings\Mars6d\Application Data\Mozilla\Firefox\Profiles\emt9bqny.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
    FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
    FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-06-10 01:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????3?9?1?5??????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-589269730-1396339157-1168367586-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:a6,e0,85,fb,98,45,e4,64,47,1a,d9,7f,12,ea,78,81,55,ea,70,f5,51,36,56,
    58,57,ed,4e,cc,99,ec,b3,95,4b,22,41,da,42,6c,b5,a4,c6,32,6e,c0,00,3b,5d,44,\
    "??"=hex:16,f5,45,bb,96,fa,e0,2a,cb,18,93,2c,af,ed,d1,7c
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(872)
    c:\program files\Funk Software\Odyssey Client\odLogin.dll

    - - - - - - - > 'explorer.exe'(3784)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\HPZipm12.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\windows\system32\dwwin.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-10 1:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-10 05:35

    Pre-Run: 9,472,454,656 bytes free
    Post-Run: 9,929,551,872 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    265 --- E O F --- 2009-06-10 02:47


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:07:48 AM, on 6/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\Download Manager\XEBDLHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
    O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_6_2/controls/YBUICtrl.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8071 bytes

  8. #8
    Member
    Join Date
    Sep 2006
    Location
    NYC
    Posts
    495
    Points
    3

    Default

    and i get this error :

    NMIndexStoreSvr.eve

  9. #9
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    951
    Points
    38

    Default

    Hi,

    Why didn't you install Anti-Virus or Firewall software (latter not always needed)? Your logs look pretty clean.

    You aren't running Anti Virus and Firewall Software. Please download and install one of them first!!!

    Use Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here are some Anti Virus products which are free for personal use and most used:
    AntiVir
    Avast

    Here are some really good paid programs which you can buy online or in a shop nearby:
    ESET NOD32
    Kaspersky Anti-Virus or Kaspersky Internet Security with Firewall included

    Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

    Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:

    • If you are not using Windows XP or Vista, but an older version I recommend you to use a firewall.
    • If you are using Windows XP or Vista, but are on dial-up I recommend you to use a firewall.
    • If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and getting the choice to allow or disallow things I recommend you to use Windows Firewall.
    • If you are using Windows XP or Vista, are using broadband and experienced, I recommend you to disable Windows Firewall (as it is not perfect) and get a third-party firewall.



    Here are some firewalls which are free for personal use and most used:
    Kerio Personal Firewall (Free version after 30 days)
    Online Armor Free

    Or you could buy their paid version online or in a shop nearby:
    Kerio Personal Firewall (Continue paid version after 30 days)
    Online Armor or Online Armor AV+ with Anti-Virus included

    As you did this, we can begin with the fix.

    Step 1: Disable Windows Defender
    Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:

    • Open Windows Defender
    • Click Tools
    • Click General Settings
    • Scroll down to Real Time Protection Options
    • Uncheck Turn on Real Time Protection (recommended)
    • Click Save
    • Close Windows Defender
    • Reboot your machine for the changes to take effect.


    Once your log is clean you can re-enable Windows Defender Real Time Protection.

    Step 2: Remove Poker programs
    From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

    I would advise you to go to Add/Remove programs and uninstall your poker programs.

    Here are links to some poker sites regarded as safe for your reference.

    * Free Poker - Play Texas Holdā€™em for Free at PokerStars - This is a simple play money version.
    * Poker - Online Poker Games at PokerStars - Play Texas Holdem - This is a bigger play money and real money version.

    Step 3: Download and Run SystemLook
    Please download SystemLook from one of the links below and save it to your desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      c:\program files\bdpw6 /s
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please close the log for now. The log can also be found on your desktop entitled SystemLook.txt



    Step 4: Remove HijackThis entries

    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.



    Step 5: Run CFScript
    Open Notepad and copy/paste the text in the box into the window:

    Code:
    File::
    c:\windows\system32\5F.tmp
    
    Regnull::
    [HKEY_USERS\S-1-5-21-589269730-1396339157-1168367586-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    If your have Avast as anti virus an additional thing has to be changed to make ComboFix work properly:


    After doing that close any open browsers.



    Refering to the picture above, drag CFScript into ComboFix.exe

    ComboFix will start scannning and when it opens its log please close it.

    Remember that the ComboFix log is saved here: C:\ComboFix.txt

    Step 6: Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    • Start HijackThis
    • Click on the Open The Misc Tool Section button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.



    Step 7: Post logs
    Please post the following logs in a reply to this topic (use multiple posts if needed):

    • New HijackThis log
    • Uninstall log
    • SystemLook log
    • ComboFix/CFScript log



    Regards,
    John.

  10. #10
    Member
    Join Date
    Sep 2006
    Location
    NYC
    Posts
    495
    Points
    3

    Default

    i have windows firewall, and i run avast every week or so, and also i run ad-aware weekly,

    actually, i think i uninstalled avast about a week ago because i thought maybe it was responsible for kicking me off the internet,

    still getting kicked off now, even with the clean logs,

Page 1 of 3 123 LastLast