fail to update/load mal/virus programs | Google Re-dir

#1 Zupperman (New Member, 1 post)
I tried to follow the steps after I tried other forum threads.

I'm not too sure what the issue with my PC is. I tried installing MMB; it doesn't launch. I've tried using the system recovery program to wipe everything (as I planned to do 2 weeks ago); when it reboots, nothing. I've tried using System Restore, but it fails to let me press Next after I select a point; it's lit up but does nothing.

My virus program failed to update when I reinstalled it (reinstalled because it had somehow become 10 days out of date); it didn't work. My Spybot Search and Destroy started to not let me launch .exe files from the desktop.

I also get that Google redirect stuff. I've never ever in my lifetime of owning a PC run into this. I've always run virus scans, etc.

Also note I've gotten that "Your IP is XX.XXX.... and rustock-N is infected" message; I forget the exact message and virus.

To sum it up, nothing that deals with malware/spyware/viruses will update or even start. PC recovery fails to work, along with my System Restore.

Thanks in advance if you can help me.

Edit: Ran ComboFix
Results:

ComboFix 09-07-21.05 - Anthony 07/22/2009 10:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1559 [GMT -4:00]
Running from: c:\documents and settings\Anthony\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\33d130a.msp
c:\windows\Installer\f0c71f9.msi
c:\windows\system32\drivers\MSIVXyrgedlptxmifmyytoptmksmahblskxer.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXpfdlnwnapkrswbxesnaoepukapjyyove.dll
c:\windows\system32\MSIVXvrklatufqonibsbwvasihgnjagwornsp.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-22 14:24 . 2009-07-22 14:24 -------- d-----w- c:\program files\ERUNT
2009-07-22 14:09 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 14:09 . 2009-07-22 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 14:09 . 2009-07-22 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-22 14:09 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 05:27 . 2009-07-22 05:38 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-07-18 01:02 . 2008-12-11 07:03 -------- d-----w- c:\documents and settings\Administrator.ANTHONY-PC\Local Settings\Application Data\Microsoft Help
2009-07-18 01:00 . 2009-07-22 13:58 -------- d-----w- c:\documents and settings\Anthony\Application Data\CheckPoint
2009-07-18 00:52 . 2009-07-22 13:58 96 ----a-w- c:\windows\system32\pdfl.dat
2009-07-18 00:52 . 2009-07-18 00:52 80 ----a-w- c:\windows\system32\ibfl.dat
2009-07-18 00:52 . 2009-07-18 00:52 144 ----a-w- c:\windows\system32\lkfl.dat
2009-07-18 00:51 . 2009-07-18 00:51 -------- d-----w- c:\program files\CheckPoint
2009-07-18 00:51 . 2009-07-18 00:51 -------- d-----w- c:\program files\Zone Labs
2009-07-18 00:50 . 2009-07-22 14:01 -------- d-----w- c:\windows\Internet Logs
2009-07-10 18:19 . 2004-11-29 00:54 352256 ----a-w- c:\windows\system32\fmod.dll
2009-07-10 18:09 . 2009-07-11 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-07-09 22:39 . 2009-07-09 22:39 -------- d--h--r- c:\documents and settings\Anthony\Application Data\SecuROM
2009-07-09 22:39 . 2009-07-09 22:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-09 20:35 . 2009-07-09 20:35 10684866 ----a-w- c:\documents and settings\Anthony\Application Data\Azureus\plugins\azump\mplayer.exe
2009-07-09 20:35 . 2009-07-09 20:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-09 19:09 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-09 19:09 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-09 19:09 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-09 19:09 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-09 19:09 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-09 19:09 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-09 19:09 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-09 19:05 . 2009-07-09 19:05 -------- d-----w- c:\windows\Logs
2009-07-09 17:51 . 2009-07-09 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-07-09 17:51 . 2009-07-13 23:42 -------- d-----w- c:\documents and settings\Anthony\Application Data\Azureus
2009-07-09 17:50 . 2009-07-09 17:51 -------- d-----w- c:\program files\Vuze
2009-07-08 20:48 . 2009-07-08 21:15 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 20:48 . 2009-07-08 21:14 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-08 20:48 . 2009-07-08 20:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-08 20:48 . 2009-07-08 20:48 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\PunkBuster
2009-07-08 20:46 . 2007-07-20 04:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-07-08 20:46 . 2007-07-19 22:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-07-08 20:46 . 2007-07-19 22:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-07-08 20:46 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-07-08 19:45 . 2009-07-10 13:45 -------- d-----w- c:\program files\Steam
2009-07-08 14:59 . 2009-07-08 14:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-02 14:44 . 2009-07-02 14:44 -------- d-----w- c:\program files\QuickTime
2009-07-02 14:43 . 2009-07-02 14:43 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 14:43 . 2009-07-02 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-01 18:28 . 2009-07-01 18:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2009-06-30 21:08 . 2009-07-22 13:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-30 08:02 . 2009-06-30 08:02 -------- d-----w- c:\program files\Alwil Software
2009-06-30 07:52 . 2009-06-30 07:52 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-30 07:52 . 2009-06-30 07:52 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-30 07:52 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-30 07:13 . 2009-06-30 07:53 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-30 07:12 . 2009-06-30 07:12 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-29 14:06 . 2009-06-29 14:06 -------- d-sh--w- c:\documents and settings\Anthony\PrivacIE
2009-06-26 18:07 . 2009-06-26 18:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-26 18:07 . 2009-06-26 18:07 -------- d-sh--w- c:\documents and settings\Anthony\IETldCache
2009-06-26 15:30 . 2009-06-26 15:30 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\DNA
2009-06-26 15:30 . 2009-07-22 14:50 -------- d-----w- c:\documents and settings\Anthony\Application Data\DNA
2009-06-26 15:30 . 2009-07-22 14:22 -------- d-----w- c:\program files\DNA
2009-06-26 15:28 . 2009-06-26 15:28 -------- d-----w- c:\program files\Softnyx
2009-06-26 13:39 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-26 13:39 . 2009-06-26 13:39 -------- d-----w- c:\windows\ie8updates
2009-06-26 13:32 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-26 13:32 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 13:22 . 2009-06-26 13:31 -------- dc-h--w- c:\windows\ie8
2009-06-25 23:38 . 2009-06-25 23:38 -------- d-----w- C:\CFLog
2009-06-25 23:20 . 2009-06-25 23:20 -------- d-----w- c:\program files\Subagames
2009-06-25 23:06 . 2009-06-25 23:06 -------- d-----w- C:\games
2009-06-25 23:05 . 2009-06-25 23:23 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\PMB Files
2009-06-25 23:05 . 2009-06-25 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-23 19:12 . 2009-06-23 19:12 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 13:53 . 2008-03-14 21:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-22 13:13 . 2008-03-14 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 12:59 . 2008-03-14 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 12:58 . 2008-03-14 21:09 -------- d-----w- c:\program files\SpywareBlaster
2009-07-13 04:03 . 2008-12-31 01:03 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 02:23 . 2008-03-23 14:31 -------- d-----w- c:\documents and settings\Anthony\Application Data\LimeWire
2009-07-09 22:34 . 2009-02-04 03:25 -------- d-----w- c:\documents and settings\Anthony\Application Data\Roxio
2009-07-09 18:24 . 2009-06-21 00:24 -------- d-----w- c:\program files\alaplaya
2009-07-09 17:51 . 2008-03-14 04:59 118896 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 15:15 . 2006-07-22 05:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-08 00:25 . 2008-03-15 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-07 13:56 . 2008-10-29 22:52 -------- d-----w- c:\program files\Runes of Magic
2009-07-02 14:44 . 2008-04-06 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-01 19:46 . 2008-04-14 00:00 -------- d-----w- c:\program files\Rapidown
2009-06-30 07:09 . 2008-04-01 23:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-26 22:29 . 2009-01-03 23:11 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-26 20:33 . 2009-01-05 06:24 -------- d-----w- c:\program files\PokerStars
2009-06-26 20:31 . 2009-01-05 06:34 -------- d-----w- c:\program files\PlayersOnly Poker
2009-06-26 20:16 . 2008-05-10 00:26 -------- d-----w- c:\program files\Absolute Poker
2009-06-25 23:05 . 2009-01-23 17:14 -------- d-----w- c:\program files\Pando Networks
2009-06-25 19:18 . 2009-06-21 00:28 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-06-25 18:16 . 2008-10-09 19:56 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-06-25 18:16 . 2008-10-09 19:56 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-06-24 07:13 . 2009-03-06 21:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-23 19:30 . 2008-10-09 19:56 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-06-23 19:30 . 2008-10-09 19:56 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-06-23 19:30 . 2008-10-09 19:56 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-06-23 19:30 . 2008-10-09 19:55 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-06-23 19:12 . 2006-07-22 05:43 -------- d-----w- c:\program files\DivX
2009-06-22 02:23 . 2009-06-20 15:23 -------- d-----w- c:\program files\TalismanOnline
2009-06-21 00:24 . 2006-07-22 04:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 07:22 . 2008-12-10 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 13:43 . 2009-06-10 13:41 -------- d-----w- c:\program files\ClubWPT
2009-05-19 05:36 . 2009-07-14 03:50 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-07-14 03:50 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-07-14 03:50 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-07-14 03:50 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-07-14 03:50 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-07-14 03:50 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-07-14 03:50 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-07-14 03:50 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-16 22:40 . 2009-05-16 22:40 390664 ----a-w- c:\documents and settings\Anthony\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 05:15 . 2004-08-04 21:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:14 . 2008-11-12 21:05 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 05:14 . 2008-11-12 21:05 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2004-08-04 21:00 345600 ----a-w- c:\windows\system32\localspl.dll
2006-05-21 03:25 . 2008-07-28 17:56 1875968 ----a-w- c:\program files\gens.exe
2009-07-22 12:54 . 2008-08-26 15:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-26 318272]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-28 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-28 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-06-22 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 185896]
"adsnwm"="c:\windows\system32\adsnwm.exe" [2008-09-16 20480]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-28 1617920]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-04-17 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TrayMin700.exe.lnk.disabled [2008-9-3 605]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"ChikkaDefault"=c:\progra~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58801:TCP"= 58801:TCP:Pando Media Booster
"58801:UDP"= 58801:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7/31/2008 9:45 PM 21512]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [6/4/2008 7:26 PM 143467]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/30/2009 3:52 AM 604416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/27/2008 11:26 PM 24652]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 3:58 PM 26248]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 phc700;USB PC Camera (SPC700NC);c:\windows\system32\drivers\phc700.sys [9/3/2008 6:42 PM 644864]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [8/23/2008 4:00 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [8/23/2008 4:00 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [8/23/2008 4:00 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [8/23/2008 4:00 PM 59520]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\XDva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-khfDsqqn - khfDsqqn.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\oi7mjsfu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\oi7mjsfu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\oi7mjsfu.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\oi7mjsfu.default\extensions\[email protected]\plugins\npssn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 10:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<[email protected]? [email protected]?????<[email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-399214269-1679525134-2789785001-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a1,c8,6b,b8,98,39,78,6d,0c,4e,9d,d2,7d,b4,96,3a,3e,46,57,c1,96,48,97,
c8,72,71,f3,e5,ab,89,ad,0c,e9,31,5d,54,7b,8b,09,77,3e,35,6a,02,31,db,ea,e0,\
"??"=hex:da,e5,1e,14,41,ba,c1,0a,02,ce,bd,aa,a8,92,93,00
.
Completion time: 2009-07-22 11:00
ComboFix-quarantined-files.txt 2009-07-22 14:59

Pre-Run: 24,785,604,608 bytes free
Post-Run: 24,802,676,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

300 --- E O F --- 2009-07-06 07:01

Edited by Zupperman, 22 July 2009 - 09:05 AM.

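The "Other Deletions" section of the log above lists three files in system32 whose names are a fixed five-letter prefix followed by a long run of random letters, plus a fourth file (MSIVXcount) that shares the prefix but is too short to look random on its own. Below is an added example, not part of the original post and not ComboFix's own code, that triages a ComboFix-style log for exactly that pattern: it pulls every absolute Windows path out of the log, flags long letters-only filename stems that are vowel-poor or contain long consonant runs (the length and ratio thresholds are this example's assumptions), then treats the shared prefix of the flagged names as a family marker and picks up the shorter sibling. The log excerpt embedded in the script is a constructed sample made from lines posted above.

```python
"""Triage a ComboFix-style log for randomly named dropped files.

Added example. SAMPLE_LOG is a constructed excerpt of the log posted in the
thread (a few 'Other Deletions', 'Files Created' and Run-key lines), not a
full log. The thresholds below are assumptions, not ComboFix behaviour.
"""
import os
import re

SAMPLE_LOG = r"""
c:\windows\Installer\33d130a.msp
c:\windows\system32\drivers\MSIVXyrgedlptxmifmyytoptmksmahblskxer.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXpfdlnwnapkrswbxesnaoepukapjyyove.dll
c:\windows\system32\MSIVXvrklatufqonibsbwvasihgnjagwornsp.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
2009-07-22 14:09 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 14:09 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 07:52 . 2009-06-30 07:52 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-08 20:48 . 2009-07-08 21:15 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
"adsnwm"="c:\windows\system32\adsnwm.exe" [2008-09-16 20480]
"""

# An absolute Windows path runs from "X:\" up to a quote, bracket or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]+')

VOWELS = set("aeiou")
MIN_RANDOM_LEN = 20      # assumption: legitimate driver/DLL stems are rarely this long
MAX_VOWEL_RATIO = 0.30   # assumption: English-like product names sit well above this
MAX_CONSONANT_RUN = 5    # assumption: runs this long are rare in real product names


def extract_paths(log_text):
    """Return every absolute Windows path in the log, in order, without duplicates."""
    seen, paths = set(), []
    for line in log_text.splitlines():
        for m in PATH_RE.finditer(line):
            p = m.group(0).rstrip()
            if p not in seen:
                seen.add(p)
                paths.append(p)
    return paths


def stem_of(path):
    """Filename without directory or final extension (ComboFix logs use backslashes)."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def name_features(stem):
    """(vowel ratio, longest consonant run) of a stem, case-insensitive; 'y' counts as a consonant."""
    s = stem.lower()
    if not s:
        return 0.0, 0
    vowels = sum(c in VOWELS for c in s)
    run = longest = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels / len(s), longest


def looks_random(stem):
    """True for long, letters-only stems that are vowel-poor or have a long consonant run."""
    if not stem.isalpha() or len(stem) < MIN_RANDOM_LEN:
        return False
    ratio, run = name_features(stem)
    return ratio < MAX_VOWEL_RATIO or run >= MAX_CONSONANT_RUN


def family_prefix(stems, min_len=4):
    """Shared leading characters of the flagged stems, if they form one family."""
    if len(stems) < 2:
        return ""
    prefix = os.path.commonprefix(stems)
    return prefix if len(prefix) >= min_len else ""


def triage(log_text):
    """Two passes: random-looking names first, then siblings carrying the same prefix."""
    paths = extract_paths(log_text)
    random_hits = [p for p in paths if looks_random(stem_of(p))]
    prefix = family_prefix([stem_of(p) for p in random_hits])
    # A short counter file or service binary dropped by the same thing will not
    # look random, but it will share the family prefix.
    related = [p for p in paths
               if prefix and p not in random_hits and stem_of(p).startswith(prefix)]
    return {"random": random_hits, "prefix": prefix, "related": related}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for p in result["random"]:
        print("random-looking name:", p)
    if result["prefix"]:
        print("shared family prefix:", result["prefix"])
    for p in result["related"]:
        print("same-family sibling: ", p)
```

Run as a script it prints the three random names, the MSIVX prefix and the related MSIVXcount entry. The length threshold is what keeps legitimate long names such as TuneUpDefragService and mbamswissarmy out of the hit list; tune the thresholds against your own clean logs before relying on them, and treat the output as a review queue rather than a verdict.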