Help!

yeah another google hijack log

jakethebob (Joined: Aug 23, 2009; Posts: 3)
PostPosted: Sun Aug 23, 2009 5:58 am    Post subject: yeah another google hijack log

I have scanned with ZoneAlarm and Malwarebytes, both fully updated, and found nothing.
I have the same problem as others: I search for something on Google, and when I click the results it redirects.

Here is the log:
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c...nt/muwe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
greyknight17 (Joined: Feb 03, 2003; Posts: 5674; Location: Brooklyn, NY)
PostPosted: Sun Aug 23, 2009 1:30 pm    Post subject:

Welcome to Lockergnome.

Do you recognize putting the following into your proxy settings:

plimus.com,www.plimus.com,regnow.com,www.regnow.com,

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
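The first pass greyknight17 makes over the HijackThis log (are the proxy settings populated, which entries have no backing file, which LSP DLLs and services does HijackThis not recognise) can be scripted. The script below is an added example and is not part of this thread, nor a HijackThis or Lockergnome tool; the sample input is a handful of lines copied from the log posted above, and the rule names (proxy_set, orphan_bho, run_without_path, lsp, service_unknown_owner) are my own. Every hit is an item to verify, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above,
# just enough to exercise each rule in triage().
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""

# "R0 - ..." / "O23 - ..." : section tag, then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# O4 Run-key entries: "HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _run_target(command):
    """Executable part of an O4 command line: the quoted path if quoted, else the first token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def triage(entries):
    """Apply the first-pass checks and return {rule_name: [matching items]}."""
    findings = defaultdict(list)
    for section, body in entries:
        if section == "R1" and "Internet Settings,Proxy" in body:
            # A populated ProxyServer/ProxyOverride on a box whose owner set none
            # is exactly what redirects browser traffic without touching DNS.
            _, _, value = body.partition(" = ")
            if value.strip():
                findings["proxy_set"].append(body)
        elif section == "O2" and body.endswith("(no file)"):
            # Orphaned BHO registration: harmless by itself, but worth cleaning.
            findings["orphan_bho"].append(body)
        elif section == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in _run_target(m.group(1)):
                # Bare filename: Windows resolves it by path search, so the
                # file actually launched must be located before trusting it.
                findings["run_without_path"].append(_run_target(m.group(1)))
        elif section == "O10":
            # One LSP DLL shows up once per protocol chain slot; report it once.
            path = body.split(":", 1)[1].strip()
            if path not in findings["lsp"]:
                findings["lsp"].append(path)
        elif section == "O23" and " - Unknown owner - " in body:
            # No vendor string in the binary's version info: verify the file.
            findings["service_unknown_owner"].append(body)
    return dict(findings)


if __name__ == "__main__":
    for rule, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"[{rule}]")
        for item in items:
            print("   ", item)
```

"Unknown file in Winsock LSP" only means the DLL is not on HijackThis's known-good list, and a bare Run entry such as `SkyTel.EXE` is resolved by Windows at logon; the ComboFix output later in the thread does that resolution (it lists nwiz, RTHDCPL and SkyTel under c:\windows). The proxy rule is the one that bears directly on the redirect symptom, which is why it is the first thing greyknight17 asks about.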
jakethebob (Joined: Aug 23, 2009; Posts: 3)
PostPosted: Sun Aug 23, 2009 5:24 pm    Post subject:

I don't remember putting them in at all.
Here is the log:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\AVI Codec Pack\AC3\dialog_patch.exe
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
c:\windows\asks~1
c:\windows\Installer\359ff56.msi
c:\windows\servicepackfiles\www.google.com
c:\windows\system32\Cache
c:\windows\system32\kbiwkmbhltqlvv.dll
c:\windows\system32\kbiwkmhbbakdmm.dll
c:\windows\system32\kbiwkmklqbwihb.dat
c:\windows\system32\kbiwkmqoqxwnsf.dat
c:\windows\twain_16.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 11:50 . 2009-08-23 21:53 117760 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-23 11:49 . 2009-08-23 11:49 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2009-08-23 11:49 . 2009-08-23 11:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-23 11:49 . 2009-08-23 11:49 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\SUPERAntiSpyware.com
2009-08-23 10:56 . 2009-08-23 10:56 -------- d-----w- c:\program files\Trend Micro
2009-08-22 12:51 . 2008-07-08 07:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-08-22 12:51 . 2008-07-29 19:33 446464 ----a-w- c:\windows\system32\nvunrm.exe
2009-08-22 07:46 . 2009-08-22 07:46 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Malwarebytes
2009-08-22 07:46 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 07:46 . 2009-08-22 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 07:46 . 2009-08-22 07:46 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
2009-08-22 07:46 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 11:43 . 2009-08-21 11:43 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky SDK
2009-08-21 08:34 . 2009-08-21 08:34 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\NVIDIA Corporation
2009-08-21 08:34 . 2009-08-22 13:39 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Local Settings\Application Data\NVIDIA Corporation
2009-08-21 08:34 . 2009-08-21 08:34 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
2009-08-21 08:09 . 2009-07-01 21:00 72584 ----a-w- c:\windows\zllsputility.exe
2009-08-14 14:47 . 2005-01-04 21:19 2670592 ------w- c:\windows\UNNeroVision.exe
2009-08-14 14:47 . 2001-03-09 01:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-08-14 14:47 . 2001-06-26 14:15 38912 ------w- c:\windows\system32\picn20.dll
2009-08-14 14:47 . 2000-06-26 17:45 106496 ------w- c:\windows\system32\TwnLib20.dll
2009-08-14 14:47 . 2009-08-14 14:47 -------- d-----w- c:\program files\Ahead
2009-08-12 22:11 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 09:46 . 2009-08-12 09:46 -------- dc-h--w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2009-08-11 08:31 . 2009-08-11 08:31 152576 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 06:31 . 2009-08-11 06:31 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Local Settings\Application Data\Redlynx
2009-08-11 06:31 . 2009-08-11 06:31 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-11 06:31 . 2009-08-11 06:31 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-11 06:31 . 2009-08-11 06:31 -------- d-----w- c:\program files\OpenAL
2009-08-08 08:36 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 08:36 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 08:36 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 08:36 . 2009-08-08 08:36 -------- d-----w- C:\71840766be6d647f59fb
2009-08-08 08:36 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 08:35 . 2009-08-08 08:44 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 02:46 . 2009-06-28 21:48 8186 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Mozilla\Firefox\Profiles\p8bnbndb.default\extensions\exif_viewer@mozilla.doslash.org\content\check2.bat
2009-08-03 02:46 . 2009-06-28 21:48 16327 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Mozilla\Firefox\Profiles\p8bnbndb.default\extensions\exif_viewer@mozilla.doslash.org\content\check1.bat
2009-08-03 02:46 . 2009-06-28 19:59 16 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Mozilla\Firefox\Profiles\p8bnbndb.default\extensions\exif_viewer@mozilla.doslash.org\content\check.bat
2009-07-30 09:10 . 2009-07-30 09:10 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Publish Providers
2009-07-30 09:10 . 2009-07-30 09:10 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2009-07-30 09:09 . 2009-07-30 09:09 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Sony
2009-07-30 09:09 . 2009-07-30 09:09 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Local Settings\Application Data\Sony
2009-07-30 09:07 . 2009-07-30 09:07 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 21:59 . 2007-06-23 06:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-23 21:52 . 2007-07-07 03:48 -------- d-----w- c:\program files\Steam
2009-08-23 11:49 . 2007-07-09 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-23 11:40 . 2007-07-03 09:54 -------- d-----w- c:\program files\FTP Commander Pro
2009-08-23 07:00 . 2009-08-23 07:00 161212 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_22_23_53_48_small.dmp.zip
2009-08-23 07:00 . 2009-08-23 07:00 139446 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_22_23_54_16_small.dmp.zip
2009-08-23 06:54 . 2009-08-23 06:55 2277888 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-08-23 06:54 . 2009-08-23 06:55 12800 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-08-23 06:53 . 2009-08-23 06:54 2625536 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-08-23 06:47 . 2009-08-21 20:06 2179286 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-23 00:09 . 2007-07-24 15:02 -------- d-----w- c:\program files\VstPlugins
2009-08-22 13:08 . 2007-06-15 18:32 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-22 13:08 . 2007-06-15 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-22 07:37 . 2008-04-04 02:25 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Viewpoint
2009-08-22 07:28 . 2007-07-24 15:01 -------- d-----w- c:\program files\Image-Line
2009-08-22 07:25 . 2007-09-02 18:12 -------- d-----w- c:\program files\Easy GIF Animator
2009-08-22 07:22 . 2009-05-12 03:45 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-08-22 07:22 . 2008-02-23 22:38 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Vso
2009-08-22 07:22 . 2008-02-23 22:38 81920 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\ezpinst.exe
2009-08-22 07:22 . 2008-02-23 22:38 81920 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\ezpinst.exe
2009-08-22 07:22 . 2008-02-23 22:38 47360 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\pcouffin.sys
2009-08-22 07:22 . 2008-02-23 22:38 47360 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\pcouffin.sys
2009-08-22 07:21 . 2007-07-01 18:31 -------- d-----w- c:\program files\Cheat Engine
2009-08-22 07:17 . 2007-06-28 06:12 -------- d-----w- c:\program files\Bonjour
2009-08-22 07:12 . 2007-08-08 10:09 -------- d-----w- c:\program files\CCleaner
2009-08-21 20:21 . 2008-04-30 04:45 -------- d-----w- c:\program files\mIRC
2009-08-21 12:02 . 2007-09-19 10:49 -------- d-----w- c:\program files\SpeederXP
2009-08-21 08:19 . 2009-02-25 02:54 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\dvdcss
2009-08-21 08:08 . 2009-08-21 08:08 -------- d-----w- c:\program files\Zone Labs
2009-08-14 21:20 . 2008-01-03 13:06 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Ahead
2009-08-14 14:47 . 2008-01-03 12:15 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Ahead
2009-08-12 09:42 . 2007-07-07 13:02 -------- d-----w- c:\program files\Common Files\Stardock
2009-08-12 09:13 . 2008-04-01 06:31 -------- d-----w- c:\program files\Phun
2009-08-11 08:32 . 2007-06-27 03:22 -------- d-----w- c:\program files\Java
2009-08-09 09:00 . 2008-04-19 20:25 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\TrackMania
2009-08-08 09:05 . 2007-06-24 22:23 27384 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 09:06 . 2007-12-30 20:44 -------- d-----w- c:\program files\Sony
2009-07-25 12:23 . 2009-02-12 01:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-12 02:28 . 2007-06-29 09:16 -------- d-s---w- c:\program files\Xfire
2009-07-11 03:16 . 2007-07-01 13:51 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-11 03:16 . 2007-06-29 09:16 -------- d-----w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Xfire
2009-07-11 03:16 . 2007-07-01 13:51 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-05 05:14 . 2007-07-01 13:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-01 21:00 . 2009-08-21 08:08 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-07-01 21:00 . 2009-08-21 08:08 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-07-01 21:00 . 2009-08-21 08:08 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-06-29 16:12 . 2006-06-23 18:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2007-06-25 03:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 09:56 . 2009-06-25 09:56 -------- d-----w- c:\program files\Cakewalk
2009-06-25 09:56 . 2009-06-25 09:56 -------- d-----w- c:\docume~1\ALLUSE~1.WIN\APPLIC~1\Cakewalk
2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2003-03-31 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-03-31 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-03-31 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-03-31 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2003-03-31 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 21:44 . 2007-10-02 08:06 139152 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\PnkBstrK.sys
2009-06-23 21:44 . 2007-10-02 08:06 139152 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\PnkBstrK.sys
2009-06-23 21:39 . 2007-10-02 08:06 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-16 14:36 . 2003-03-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 22:20 . 2009-06-14 22:20 9232 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\mqdmmdfl.sys
2009-06-14 22:20 . 2009-06-14 22:20 92064 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\mqdmmdm.sys
2009-06-14 22:20 . 2009-06-14 22:20 79328 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\mqdmserd.sys
2009-06-14 22:20 . 2009-06-14 22:20 66656 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\mqdmbus.sys
2009-06-14 22:20 . 2009-06-14 22:20 6208 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\mqdmcmnt.sys
2009-06-14 22:20 . 2009-06-14 22:20 5936 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\mqdmwhnt.sys
2009-06-14 22:20 . 2009-06-14 22:20 4048 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\mqdmcr.sys
2009-06-14 22:20 . 2009-06-14 22:10 25600 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\usbsermptxp.sys
2009-06-14 22:20 . 2009-06-14 22:10 22768 ----a-w- c:\documents and settings\jake.JAKE-7Y7WCSEKNY\usbsermpt.sys
2009-06-12 12:31 . 2003-03-31 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2003-03-31 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2007-06-23 06:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2003-03-31 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-03-31 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 23:29 . 2009-05-26 23:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-26 23:29 . 2009-05-26 23:29 552 ----a-w- c:\windows\system32\d3d8caps.dat
2007-08-12 06:54 . 2007-07-03 09:58 19 ----a-w- c:\program files\Answer.txt
2008-08-11 23:07 . 2008-02-23 22:47 48 --sh--w- c:\windows\S92C8DE9A.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"Steam"="c:\program files\steam\steam.exe" [2009-06-11 1217784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-09 153136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"DT LGE"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2007-06-12 291328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-07-01 1010568]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

c:\docume~1\ALLUSE~1.WIN\STARTM~1\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-07 04:16 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA1.exe"=
"c:\\Program Files\\Steam\\steamapps\\pakpaul\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trials 2 second edition\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42677:TCP"= 42677:TCP:utorrent
"42677:UDP"= 42677:UDP:tt
"10702:TCP"= 10702:TCP:BitComet 10702 TCP
"10702:UDP"= 10702:UDP:BitComet 10702 UDP
"6881:TCP"= 6881:TCP:torrent
"6882:TCP"= 6882:TCP:torrent
"8750:TCP"= 8750:TCP:BitComet 8750 TCP
"8750:UDP"= 8750:UDP:BitComet 8750 UDP
"1010:TCP"= 1010:TCP:utorrent
"14576:TCP"= 14576:TCP:jakes ports
"1089:TCP"= 1089:TCP:BitComet 1089 TCP
"1089:UDP"= 1089:UDP:BitComet 1089 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04EFA3C4-99FE-74D4-61A5-C20366D1F6C9}]
c:\program files\COMM39\windowz.exe s
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\docume~1\JAKE~2.JAK\APPLIC~1\Mozilla\Firefox\Profiles\p8bnbndb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zomgstuff.net/forum/index.php
FF - plugin: c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Mozilla\Firefox\Profiles\p8bnbndb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\jake.JAKE-7Y7WCSEKNY\Application Data\Mozilla\plugins\NPSWF32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\JAKE~2.JAK\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09D47F52-4F0A-151B-21A2-699A07D2D5F5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhmoojaookdklemgknbjbbldcdobbfopi"=hex:61,62,62,6b,6c,69,65,63,68,64,6f,65,
65,67,63,67,67,6a,66,6a,6d,64,65,70,6b,68,6c,67,6b,6b,68,6c,6b,64,00,00
"bbhmoojaookdklemgkebmpohajgipmmikfkf"=hex:61,62,69,6a,64,6a,6c,68,6b,68,6a,6a,
6d,62,66,63,69,67,65,6d,62,65,6e,63,6b,6c,67,6c,63,67,68,6d,61,70,00,00

[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:59,39,8b,2b,dc,95,e9,2d,d7,d5,8e,be,80,c1,b9,74,38,7f,6d,4b,10,af,88,
0b,83,f5,9a,e0,8d,cf,6a,b6,71,70,63,9f,aa,a9,46,4f,ad,4f,27,6c,dd,ac,18,d9,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:94,62,0b,fc,5f,ae,0f,7e,60,d7,e8,26,4d,fc,19,6a,e0,18,0f,95,39,
fd,4a,f6,72,78,c2,57,39,2e,bf,de,32,9e,38,00,59,aa,f9,0d,07,77,fc,d7,68,b5,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="E01C0DB36DA437EB1365084703D1483F0E8060D639F2D3B3C31DF01FF20DB85FD234C1A3503E976A3EEEE0A5CA6D4E86E8148C28A17E5007F28FAA091520BE7659020E2774A4DECBEB641317F86F58A612390B6D74EB459A5F50E911CD1A93127519D822C82AB63CBD838DF32A22230968F56B919B1FA4BA434D85FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A6171C11EC38DE3D5D575E7D6A3B9808A82F7688F0B3BD8A70ED695ADB244A648F127CACB644DFAE430CDBF69FA96347E113B63D5FFDD1C4630E75DF77CE4CF373538ABC41B320189932C3239944738E73513E8B25D9EEAD75DB5CB19827878245FACD6E9B19CAD89FA6306D338F4492CB3EB3A7C5DC71CDA6765A392421C3E2B717BE7F2BE52D285406EF0AF1994D8DDCA25E5A07531B04F975D17440E429B57CA9754298BC7C0CBF5D77409E25EA8E1DB929FDF4BA0D85F65F45745ACCC474CF29301CD2F84DE2E9B05AE94A265AF508332406DD465256AAB2DEDCA269896A6B7E518908241ADD6178D5F8C446C0FA9C330473D55AD653A3DF6CE90EFCCB379008DD96AF01C17F389D496EA564A5A55CD221603414E92AF4CB5D66D101454F051801E6820386A3037F3562C511F2D44F1D75F81341C1DC37D0C6B46D1F93F990F4872F7E538E745C7143004411F9B97E12227CD1E2F444853AE2C91FB837D20058E2BB614E64F3603BBB0702DFECDA79276A4115B1818A00C98DAEEADE974A24EF2B69B483F677329510C927A96291D3C2B72D4197C6ACCA35C6029B5CFA24D05E972CBEB798A6F633D0311CCFD78BA24214BD84B10A7F8CA4B5F239A911F760B988070EE47EFD58B3B6B68F68ABCA8073B0834C5471A87135A1C897F76B302D0B7D97F236445005301C6AF43D21250E9C60A24B848C24A877F75B482A7D0E1AD19E0B028C6840ACB27F6F80CA5FC4EA749C52797EC9BE6671C919255723A50BFE34A2967DCBC7863B84FCAC4372A541A880DF13AEFD9DE21C4B02C9CC97DDE7F82D364CCF3733CABBF05F398CC91B38574BAC15BAE1B5D764D5AC9588FDF29D1A1B300480D2A2B81BB0F3263FB74B8195E0A9437592D2062B6641AD3ED9F39DAFB30C6341AE8B903552AFBB2AF42F4E6B4AE1A66C8E9231C49DFD7A5517455CFBD05F53753C3899598899824D1D945453B2F1875CBA69A1FA40B327E9011F52B4F04E82B552439C49AB4CC85FAD1DD0406A8777B7619CA10B39C6A4CC4A8CFA053595DF4E2B9D66BDB3F6A14A0B407F93E5E848A62CC802A512B226FD07ED590AE38021C0650D495FC15DE229FDC4A4A63B6E1102ACDA96EE7D82
A438B1F57056E6F2C04103AA1B4F19D7265030CA87452783AD59D81634025158DC65A72E49EFCC627B"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\nvLsp.dll
.
Completion time: 2009-08-23 15:14
ComboFix-quarantined-files.txt 2009-08-23 22:14

Pre-Run: 95,405,854,720 bytes free
Post-Run: 96,705,052,672 bytes free
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Mon Aug 24, 2009 8:36 pm    Post subject:

Go into Internet Explorer > Tools > Internet Options > Connections tab and click on the LAN Settings button. Clear everything in there (uncheck them) since you are not sure what they are for.

Do you know what the following is for?

c:\program files\COMM39\windowz.exe

If not, it will be removed in the below fix. Otherwise, if you know what it's used for, please remove the following lines from CFScript.txt before you run it:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04EFA3C4-99FE-74D4-61A5-C20366D1F6C9}]
c:\program files\COMM39\windowz.exe

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
Folder::
c:\program files\COMM39\
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04EFA3C4-99FE-74D4-61A5-C20366D1F6C9}]
Reglock::
[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
Regnull::
[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09D47F52-4F0A-151B-21A2-699A07D2D5F5}*]
RegLockDel::
[HKEY_USERS\S-1-5-21-73586283-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09D47F52-4F0A-151B-21A2-699A07D2D5F5}*]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
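For readers who want to verify the two items greyknight17 asks about before and after running the fix, the following read-only PowerShell audit is an added example; it is not part of this thread and not a tool the forum uses. It reads the per-user Internet Settings key (the values behind the IE LAN Settings dialog, which the log shows as `uInternet Settings,ProxyServer`/`ProxyOverride`) and lists every Active Setup component's `StubPath`, the command Windows runs once per user at logon, so the `{04EFA3C4-...}` entry launching `windowz.exe` can be compared with the rest. The value names `ProxyEnable`, `AutoConfigURL` and `StubPath` are standard Windows registry values the post itself does not mention. The script changes nothing; the actual removal is left to the CFScript above.

```powershell
# Added example (not from the thread): read-only audit of IE proxy settings
# and Active Setup components. Nothing here modifies the registry.

$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$asKey   = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'

# 1. Proxy settings: these are exactly what the LAN Settings dialog edits.
#    ProxyEnable and AutoConfigURL are standard value names not shown in the log.
$inet = Get-ItemProperty -Path $inetKey
foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    $val = $inet.$name
    if ($null -ne $val -and "$val" -ne '') {
        Write-Output ("{0,-14} = {1}" -f $name, $val)
    }
}
# A ProxyServer of "socks=" with no host, as in the posted log, is not a
# working proxy; any value the user did not set deliberately is a candidate
# for clearing in LAN Settings, as the reply above recommends.

# 2. Active Setup: each subkey's StubPath runs once per user profile at logon,
#    which is why an entry here survives a reboot and an ordinary scan.
Get-ChildItem -Path $asKey | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    if ($p.StubPath) {
        Write-Output ("{0}`n    {1}" -f $_.PSChildName, $p.StubPath)
    }
}
# Review each StubPath against software you recognise. In the posted log the
# {04EFA3C4-...} component points at c:\program files\COMM39\windowz.exe,
# which the CFScript's Folder:: and Registry:: sections remove.
```

Run it from a PowerShell prompt on the affected machine before applying the fix to record the current state, and again afterwards to confirm the proxy values are empty and the `{04EFA3C4-...}` component is gone.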