Many different problems...

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Many different problems...28th August 2009, 3:04 pm

I've downloaded a rather nasty virus.
It has disabled all virus scanning.
It has dissabled HijackThis
75% of the time it will restart my computer or freeze when I log in.
It will randomly restart my computer.
It will not allow me to get to some websites directly and some indirectly. (I either have to google the website or type it in the bar)
It opens Internet Explorer in an invisible window and plays television audio.

Re: Many different problems...31st August 2009, 4:14 am

Bump

Re: Many different problems...31st August 2009, 5:36 pm

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
:filefind scecli.dll netlogon.dll eventlog.dll
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Many different problems... DXwU4

Re: Many different problems...31st August 2009, 10:30 pm

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll --a--- 181248 bytes [22:40 03/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [12:00 04/08/2004] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [12:00 04/08/2004] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll --a--- 407040 bytes [22:39 03/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [12:00 04/08/2004] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 04/08/2004] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --a--- 56320 bytes [22:38 03/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [12:00 04/08/2004] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 62976 bytes [12:00 04/08/2004] [12:00 04/08/2004] (Unable to calculate MD5)

-=End Of File=-

Re: Many different problems...1st September 2009, 5:47 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Then tick "Disable any rootkits found"
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Many different problems...1st September 2009, 11:40 pm

/////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Sep 01 15:57:28 2009

15:57:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "a2htv6qj" found!
Could not open driver a2htv6qj for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Now google is redirecting me to random sites

Re: Many different problems...2nd September 2009, 12:42 am

Hello.
Delete the Hijack This you have now, it's corrupted by the malware. Now that patched file is gone, the restrictions go with it, we can work with tools now.

Please download Hijack This from here:
http://www.sendspace.com/pro/dl/932rpd

Run it, do a system scan with logfile.

Re: Many different problems...2nd September 2009, 1:52 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:28 PM, on 9/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Airlink101\AWLL5025\WLService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Airlink101\AWLL5025\AWLL5025.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gen-XDM(Games)\Desktop\winlogon(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [mcinfo_1196897665] C:\DOCUME~1\GEN-XD~1\LOCALS~1\Temp\mcinfo_1196897665.exe /insfin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\GEN-XD~1\LOCALS~1\Temp\b.exe
O4 - HKUS\S-1-5-18\..\Run: [SansaDispatch] C:\Documents and Settings\LocalService\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SansaDispatch] C:\Documents and Settings\LocalService\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchpad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159501089015
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/sis/BTDownloadCtrl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
O20 - AppInit_DLLs: WIKI.DLL igxzuk.dll snzejl.dll
O23 - Service: Airlink101 USB XR Adapter WLService - Unknown owner - C:\Program Files\Airlink101\AWLL5025\WLService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\Sandisk\Sansa Updater\SansaSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 12912 bytes

Re: Many different problems...2nd September 2009, 1:03 pm

Hello.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\GEN-XD~1\LOCALS~1\Temp\b.exe
O20 - AppInit_DLLs: WIKI.DLL igxzuk.dll snzejl.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Many different problems...2nd September 2009, 10:40 pm

I can't open MBAM.

Re: Many different problems...2nd September 2009, 11:53 pm

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Many different problems...3rd September 2009, 1:02 am

CFScript Name Error

Were you trying to run CFScript?

The name, CFScript appears to be incorrectly spelt.

Re: Many different problems...3rd September 2009, 3:11 pm

That doesn't sound right.
Were not using CFScript here. Did you rename Combofix to Combo-Fix?

Re: Many different problems...3rd September 2009, 10:17 pm

Yes, I did. Does it matter that I couldn't save it as an application?
I could only save it as a binary file.

Re: Many different problems...7th September 2009, 2:49 am

Is there anything else I can try?

Re: Many different problems...7th September 2009, 8:53 pm

Can you try download Combofix via another machine and transport it via USB? It needs to be saved as an application.

Re: Many different problems...8th September 2009, 2:32 am

ComboFix 09-09-07.03 - Gen-XDM(Games) 09/07/2009 19:04.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.645 [GMT -7:00]
Running from: E:\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active

.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gen-XDM(Games)\Application Data\ShoppingReport
c:\documents and settings\Gen-XDM(Games)\Application Data\ShoppingReport\cs\Config.xml
C:\install.exe
c:\windows\desktop
c:\windows\desktop\Instal~1.lnk
c:\windows\Installer\10978fbb.msp
c:\windows\Installer\13d45cd.msp
c:\windows\Installer\13d96c4c.msp
c:\windows\Installer\13d96c50.msp
c:\windows\Installer\13d96c54.msp
c:\windows\Installer\14e72dcf.msi
c:\windows\Installer\1501134f.msp
c:\windows\Installer\15011353.msp
c:\windows\Installer\15011357.msp
c:\windows\Installer\1501135b.msp
c:\windows\Installer\1501135f.msp
c:\windows\Installer\15011363.msp
c:\windows\Installer\1bb55dea.msp
c:\windows\Installer\216778c.msp
c:\windows\Installer\237a32f.msp
c:\windows\Installer\27a059.msp
c:\windows\Installer\27faa.msi
c:\windows\Installer\28a371.msp
c:\windows\Installer\35602453.msp
c:\windows\Installer\35602457.msp
c:\windows\Installer\3560245b.msp
c:\windows\Installer\3e8d0dc.msp
c:\windows\Installer\4b9a421.msi
c:\windows\Installer\4dd867.msp
c:\windows\Installer\51479.msp
c:\windows\Installer\5147d.msp
c:\windows\Installer\51481.msp
c:\windows\Installer\51485.msp
c:\windows\Installer\51489.msp
c:\windows\Installer\5148d.msp
c:\windows\Installer\51491.msp
c:\windows\Installer\51495.msp
c:\windows\Installer\51499.msp
c:\windows\Installer\5149d.msp
c:\windows\Installer\527c19a.msp
c:\windows\Installer\527c19e.msp
c:\windows\Installer\52d02d1.msp
c:\windows\Installer\52f993.msp
c:\windows\Installer\539b7cf.msp
c:\windows\Installer\539b7d3.msp
c:\windows\Installer\539b7d7.msp
c:\windows\Installer\58cdd07.msp
c:\windows\Installer\58cdd0b.msp
c:\windows\Installer\58cdd0f.msp
c:\windows\Installer\58cdd13.msp
c:\windows\Installer\9546f02b.msp
c:\windows\Installer\9546f02f.msp
c:\windows\Installer\9546f033.msp
c:\windows\Installer\9546f037.msp
c:\windows\Installer\9546f03b.msp
c:\windows\Installer\9546f03f.msp
c:\windows\Installer\9546f043.msp
c:\windows\Installer\9546f047.msp
c:\windows\Installer\9546f04b.msp
c:\windows\Installer\9546f04f.msp
c:\windows\Installer\9546f053.msp
c:\windows\Installer\9edbf.msp
c:\windows\Installer\9edc3.msp
c:\windows\Installer\9ff69e6.msp
c:\windows\Installer\a061f.msp
c:\windows\Installer\acbf27e.msp
c:\windows\Installer\acbf282.msp
c:\windows\Installer\b1c7f1.msp
c:\windows\Installer\b1c7f3.msp
c:\windows\Installer\b3b659f.msp
c:\windows\run.log
c:\windows\system32\9044134.dll
c:\windows\system32\drivers\ss.sys
c:\windows\system32\drivers\UACsodlhtkboc.sys
c:\windows\system32\UAChdwdlnbair.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjcskcjadyf.dll
c:\windows\system32\UACkfkrpxnktv.db
c:\windows\system32\UACmgqskwaalf.dll
c:\windows\system32\UACvmfnoddtfe.dat
c:\windows\system32\UACxdqjusibor.dll
c:\windows\system32\uBbIRXbc.ini
c:\windows\system32\uBbIRXbc.ini2
c:\windows\system32\winio.vxd

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_StreamSurge

((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-08-30 17:27 . 2009-08-30 17:27 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-30 17:27 . 2004-04-30 22:12 40960 ----a-w- c:\windows\system32\AWLL5025.dll
2009-08-30 17:27 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-08-30 17:27 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-08-28 15:13 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 15:13 . 2009-08-31 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-28 15:13 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 04:04 . 2009-09-06 19:28 -------- d-----w- c:\documents and settings\Rawr\Tracing
2009-08-27 04:04 . 2009-08-27 04:04 -------- d-----w- c:\documents and settings\Rawr\Local Settings\Application Data\Yahoo
2009-08-26 18:24 . 2009-08-26 18:24 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\.housecall6.6
2009-08-26 17:24 . 2009-08-26 17:24 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\McAfee
2009-08-26 00:46 . 2009-08-26 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-26 00:46 . 2009-08-26 00:56 -------- d-----w- c:\program files\Security Task Manager
2009-08-25 21:09 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 21:09 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 21:09 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 21:09 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 21:08 . 2009-08-25 21:09 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 21:08 . 2009-08-25 21:09 -------- d-----w- c:\program files\McAfee.com
2009-08-25 21:08 . 2009-09-01 22:19 -------- d-----w- c:\program files\McAfee
2009-08-25 20:48 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-23 02:51 . 2009-08-26 02:48 -------- d-----w- c:\program files\VstPlugins
2009-08-23 02:51 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-08-23 02:50 . 2009-08-23 02:50 -------- d-----w- c:\program files\Outsim
2009-08-23 02:44 . 2009-08-25 23:06 -------- d-----w- c:\program files\Image-Line
2009-08-20 20:39 . 2009-08-20 20:39 -------- d-----w- c:\program files\BlackIsle
2009-08-20 20:35 . 2009-08-20 20:39 52736 ----a-w- c:\windows\ipuninst.exe
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\SlySoft
2009-08-20 18:25 . 2009-08-20 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-08-16 05:42 . 2009-08-16 05:43 -------- d-----w- C:\844daf670dcd1f731db2c24aaa
2009-08-11 22:28 . 2009-08-11 22:28 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 03:53 . 2009-05-24 19:02 -------- d-----w- c:\program files\Cheat Engine
2009-08-31 03:55 . 2007-12-04 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-30 17:27 . 2006-06-03 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 20:11 . 2006-06-20 04:40 -------- d-----w- c:\program files\Warcraft III
2009-08-26 19:23 . 2007-02-10 16:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-26 18:24 . 2008-10-10 21:42 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-26 17:20 . 2006-12-26 22:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 04:11 . 2008-08-04 19:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-26 01:14 . 2009-04-22 21:29 -------- d-----w- c:\program files\PowerISO
2009-08-26 00:31 . 2006-12-12 03:43 -------- d-----w- c:\program files\EA GAMES
2009-08-26 00:31 . 2009-07-19 05:57 -------- d-----w- c:\program files\DivX
2009-08-25 22:26 . 2008-10-14 23:37 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\uTorrent
2009-08-25 19:25 . 2007-11-11 00:38 79400 ----a-w- c:\windows\War3Unin.dat
2009-08-25 19:20 . 2006-07-01 19:05 46616 ----a-w- c:\documents and settings\Gen-XDM(Games)\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 18:42 . 2009-08-25 18:42 784563 ----a-w- c:\windows\system32\xa.tmp
2009-08-24 15:25 . 2008-06-13 13:49 -------- d-----w- c:\program files\Sword of the New World
2009-08-23 18:37 . 2009-07-23 18:20 -------- d-----w- c:\program files\Project64 1.6
2009-08-09 04:48 . 2009-08-08 18:26 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\Orbit
2009-08-08 23:57 . 2009-08-08 23:57 -------- d-----w- c:\program files\Trend Micro
2009-08-08 19:07 . 2009-08-08 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-08-08 18:54 . 2009-08-08 18:54 163513 ----a-w- c:\windows\Audio Converter Uninstaller.exe
2009-08-08 18:54 . 2009-08-08 18:54 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\River Past G5
2009-08-08 18:54 . 2009-08-08 18:54 -------- d-----w- c:\program files\Common Files\River Past
2009-08-08 18:54 . 2009-08-08 18:54 -------- d-----w- c:\program files\River Past
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 02:38 . 2006-06-03 17:57 -------- d-----w- c:\program files\Microsoft Games
2009-07-24 18:42 . 2008-07-01 15:57 34 -c--a-w- c:\documents and settings\Gen-XDM(Games)\jagex_runescape_preferences.dat
2009-07-23 18:17 . 2009-01-05 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-19 06:06 . 2009-07-19 06:06 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\DivX
2009-07-19 05:58 . 2009-07-19 05:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:28 . 2009-07-13 05:08 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\Hamachi
2009-07-13 05:07 . 2009-07-13 05:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-12 19:32 . 2007-02-08 00:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-11 21:33 . 2009-07-11 21:27 -------- d-----w- c:\program files\WinDS PRO
2009-07-11 21:28 . 2009-07-11 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WinDS PRO
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-02 19:01 . 2009-07-01 05:49 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-02 19:01 . 2009-07-01 05:48 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-01 05:49 . 2009-07-01 05:49 139152 ----a-w- c:\documents and settings\Gen-XDM(Games)\Application Data\PnkBstrK.sys
2009-07-01 05:48 . 2009-07-01 05:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-01 05:48 . 2009-07-01 05:48 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:44 . 2004-08-04 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-04 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:34 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 15:46 . 2006-06-03 17:13 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

Re: Many different problems...8th September 2009, 2:33 am

------- Sigcheck -------

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-01-16 1398272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" [2003-06-02 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-30 185784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"atwtusb"="atwtusb.exe" - c:\windows\system32\atwtusb.exe [2005-04-26 290816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-8 113664]
Launchpad.lnk - c:\program files\IC Media Corp.\ICM532\Launchpad.exe [2009-5-4 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\bioshock demo\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - spd\\DOW2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\River Past\\Audio Converter\\AudioConverter.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56730:TCP"= 56730:TCP:Pando Media Booster
"56730:UDP"= 56730:UDP:Pando Media Booster
"57627:TCP"= 57627:TCP:Pando Media Booster
"57627:UDP"= 57627:UDP:Pando Media Booster
"58871:TCP"= 58871:TCP:Pando Media Booster
"58871:UDP"= 58871:UDP:Pando Media Booster

S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [5/27/2007 7:01 PM 22272]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys --> c:\windows\system32\Drivers\usbuvt.sys [?]
S3 gel90xne;gel90xne;\??\c:\docume~1\GEN-XD~1\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\GEN-XD~1\LOCALS~1\Temp\gel90xne.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2D4.tmp --> c:\windows\system32\2D4.tmp [?]
S3 ProtoWall;ProtoWall Defender;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 04:26]

2009-08-25 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 04:26]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
HKLM-Run-PWRISOVM.EXE - c:\program files\PowerISO\PWRISOVM.EXE
HKLM-Run-CmPCIaudio - CMICNFG3.CPL

Re: Many different problems...8th September 2009, 2:33 am

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
FF - ProfilePath - c:\documents and settings\Gen-XDM(Games)\Application Data\Mozilla\Firefox\Profiles\b59ir2fc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.gaiaonline.com/guilds/viewforum.php?f=123099
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\Gen-XDM(Games)\Application Data\Mozilla\Firefox\Profiles\b59ir2fc.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2D4.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-73586283-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,70,bf,89,43,80,00,60,e8,c0,f1,02,43,23,c0,71,92,41,2f,74,a8,e8,9f,
14,2b,7e,1b,d9,a8,8b,d5,70,29,3a,bc,ba,90,56,8d,82,6c,a0,59,f9,99,25,9b,80,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1757981266-73586283-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:57,55,ca,37,66,73,a0,1c,6c,fb,05,97,b3,f2,fb,ef,5d,d1,c3,c1,67,
94,24,ee,53,ff,5f,91,ac,e4,a1,84,73,b6,d6,73,ef,9d,b9,d3,36,f7,33,70,f8,05,\
"rkeysecu"=hex:9c,97,c0,28,b2,82,bf,30,cf,c9,48,b5,21,79,88,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Airlink101\AWLL5025\WLService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Airlink101\AWLL5025\AWLL5025.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\IC Media Corp\ICM532\launchpad.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-09-08 19:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 02:25

Pre-Run: 79,891,668,992 bytes free
Post-Run: 90,051,653,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

412 --- E O F --- 2009-08-26 20:00

Re: Many different problems...8th September 2009, 2:40 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\xa.tmp

FCopy::
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll | c:\windows\system32\eventlog.dll

Driver::
gel90xne
MEMSWEEP2
ProtoWall
XDva090
XDva143
XDva275
XDva279

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Many different problems... Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: Many different problems...9th September 2009, 1:26 am

It won't reboot my computer, it just sits there and says that it's going to.

Re: Many different problems...9th September 2009, 7:27 pm

Hello.
Reboot it manually then in that case.

Re: Many different problems...10th September 2009, 2:40 am

I did. No new log.

Re: Many different problems...10th September 2009, 7:17 pm

Try running Combofix normally, no CFScript this time.

Re: Many different problems...12th September 2009, 5:18 pm

I was able to run it with CFScript. Big Grin

ComboFix 09-09-11.05 - Gen-XDM(Games) 09/12/2009 9:09.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.591 [GMT -7:00]
Running from: E:\Combo-Fix.exe
Command switches used :: E:\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point

FILE ::
"c:\windows\system32\xa.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\127bfe.msp

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GEL90XNE
-------\Legacy_MEMSWEEP2
-------\Legacy_XDVA090
-------\Legacy_XDVA143
-------\Legacy_XDVA275
-------\Legacy_XDVA279
-------\Service_gel90xne
-------\Service_ProtoWall
-------\Service_XDva090
-------\Service_XDva143
-------\Service_XDva275
-------\Service_XDva279

((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-09 00:45 . 2009-09-09 01:05 -------- d-----w- C:\ComboFix
2009-08-30 17:27 . 2009-08-30 17:27 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-30 17:27 . 2004-04-30 22:12 40960 ----a-w- c:\windows\system32\AWLL5025.dll
2009-08-30 17:27 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-08-30 17:27 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-08-28 15:13 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 15:13 . 2009-08-31 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-28 15:13 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 04:04 . 2009-09-06 19:28 -------- d-----w- c:\documents and settings\Rawr\Tracing
2009-08-27 04:04 . 2009-08-27 04:04 -------- d-----w- c:\documents and settings\Rawr\Local Settings\Application Data\Yahoo
2009-08-26 18:24 . 2009-08-26 18:24 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\.housecall6.6
2009-08-26 17:24 . 2009-08-26 17:24 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\McAfee
2009-08-26 00:46 . 2009-08-26 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-26 00:46 . 2009-08-26 00:56 -------- d-----w- c:\program files\Security Task Manager
2009-08-25 21:09 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 21:09 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 21:09 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 21:09 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 21:08 . 2009-08-25 21:09 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 21:08 . 2009-08-25 21:09 -------- d-----w- c:\program files\McAfee.com
2009-08-25 21:08 . 2009-09-01 22:19 -------- d-----w- c:\program files\McAfee
2009-08-25 20:48 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-23 02:51 . 2009-08-26 02:48 -------- d-----w- c:\program files\VstPlugins
2009-08-23 02:51 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-08-23 02:50 . 2009-08-23 02:50 -------- d-----w- c:\program files\Outsim
2009-08-23 02:44 . 2009-08-25 23:06 -------- d-----w- c:\program files\Image-Line
2009-08-20 20:39 . 2009-08-20 20:39 -------- d-----w- c:\program files\BlackIsle
2009-08-20 20:35 . 2009-08-20 20:39 52736 ----a-w- c:\windows\ipuninst.exe
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\SlySoft
2009-08-20 18:25 . 2009-08-20 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-08-16 05:42 . 2009-08-16 05:43 -------- d-----w- C:\844daf670dcd1f731db2c24aaa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 03:53 . 2009-05-24 19:02 -------- d-----w- c:\program files\Cheat Engine
2009-08-31 03:55 . 2007-12-04 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-30 17:27 . 2006-06-03 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 20:11 . 2006-06-20 04:40 -------- d-----w- c:\program files\Warcraft III
2009-08-26 19:23 . 2007-02-10 16:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-26 18:24 . 2008-10-10 21:42 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-26 17:20 . 2006-12-26 22:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 04:11 . 2008-08-04 19:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-26 01:14 . 2009-04-22 21:29 -------- d-----w- c:\program files\PowerISO
2009-08-26 00:31 . 2006-12-12 03:43 -------- d-----w- c:\program files\EA GAMES
2009-08-26 00:31 . 2009-07-19 05:57 -------- d-----w- c:\program files\DivX
2009-08-25 22:26 . 2008-10-14 23:37 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\uTorrent
2009-08-25 19:25 . 2007-11-11 00:38 79400 ----a-w- c:\windows\War3Unin.dat
2009-08-25 19:20 . 2006-07-01 19:05 46616 ----a-w- c:\documents and settings\Gen-XDM(Games)\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 15:25 . 2008-06-13 13:49 -------- d-----w- c:\program files\Sword of the New World
2009-08-23 18:37 . 2009-07-23 18:20 -------- d-----w- c:\program files\Project64 1.6
2009-08-09 04:48 . 2009-08-08 18:26 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\Orbit
2009-08-08 23:57 . 2009-08-08 23:57 -------- d-----w- c:\program files\Trend Micro
2009-08-08 19:07 . 2009-08-08 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-08-08 18:54 . 2009-08-08 18:54 163513 ----a-w- c:\windows\Audio Converter Uninstaller.exe
2009-08-08 18:54 . 2009-08-08 18:54 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\River Past G5
2009-08-08 18:54 . 2009-08-08 18:54 -------- d-----w- c:\program files\Common Files\River Past
2009-08-08 18:54 . 2009-08-08 18:54 -------- d-----w- c:\program files\River Past
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 02:38 . 2006-06-03 17:57 -------- d-----w- c:\program files\Microsoft Games
2009-07-24 18:42 . 2008-07-01 15:57 34 -c--a-w- c:\documents and settings\Gen-XDM(Games)\jagex_runescape_preferences.dat
2009-07-23 18:17 . 2009-01-05 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-19 06:06 . 2009-07-19 06:06 -------- d-----w- c:\documents and settings\Gen-XDM(Games)\Application Data\DivX
2009-07-19 05:58 . 2009-07-19 05:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 05:07 . 2009-07-13 05:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-12 19:32 . 2007-02-08 00:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-02 19:01 . 2009-07-01 05:49 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-02 19:01 . 2009-07-01 05:48 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-01 05:49 . 2009-07-01 05:49 139152 ----a-w- c:\documents and settings\Gen-XDM(Games)\Application Data\PnkBstrK.sys
2009-07-01 05:48 . 2009-07-01 05:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-01 05:48 . 2009-07-01 05:48 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:44 . 2004-08-04 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-04 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:34 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 15:46 . 2006-06-03 17:13 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-08_02.17.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-12 16:32 . 2009-09-12 16:32 16384 c:\windows\Temp\Perflib_Perfdata_660.dat
+ 2007-01-27 23:44 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2007-01-27 23:44 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2006-06-03 04:37 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
- 2006-06-03 04:37 . 2004-08-04 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 12:00 . 2009-05-20 11:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 12:00 . 2008-06-18 13:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 11:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-04 12:00 . 2008-06-18 13:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-06-06 23:42 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-01-16 1398272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" [2003-06-02 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-30 185784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"atwtusb"="atwtusb.exe" - c:\windows\system32\atwtusb.exe [2005-04-26 290816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-8 113664]
Launchpad.lnk - c:\program files\IC Media Corp.\ICM532\Launchpad.exe [2009-5-4 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\bioshock demo\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - spd\\DOW2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\River Past\\Audio Converter\\AudioConverter.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56730:TCP"= 56730:TCP:Pando Media Booster
"56730:UDP"= 56730:UDP:Pando Media Booster
"57627:TCP"= 57627:TCP:Pando Media Booster
"57627:UDP"= 57627:UDP:Pando Media Booster
"58871:TCP"= 58871:TCP:Pando Media Booster
"58871:UDP"= 58871:UDP:Pando Media Booster

R2 Airlink101 USB XR Adapter WLService;Airlink101 USB XR Adapter WLService;c:\program files\Airlink101\AWLL5025\WLService.exe [8/30/2009 10:27 AM 49152]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [5/27/2007 7:01 PM 22272]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys --> c:\windows\system32\Drivers\usbuvt.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/19/2009 5:27 PM 356920]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 04:26]

2009-08-25 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 04:26]
.
.

Re: Many different problems...12th September 2009, 5:19 pm

------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
FF - ProfilePath - c:\documents and settings\Gen-XDM(Games)\Application Data\Mozilla\Firefox\Profiles\b59ir2fc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.gaiaonline.com/guilds/viewforum.php?f=123099
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\Gen-XDM(Games)\Application Data\Mozilla\Firefox\Profiles\b59ir2fc.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 10:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-73586283-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,70,bf,89,43,80,00,60,e8,c0,f1,02,43,23,c0,71,92,41,2f,74,a8,e8,9f,
14,2b,7e,1b,d9,a8,8b,d5,70,29,3a,bc,ba,90,56,8d,82,6c,a0,59,f9,99,25,9b,80,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1757981266-73586283-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:57,55,ca,37,66,73,a0,1c,6c,fb,05,97,b3,f2,fb,ef,5d,d1,c3,c1,67,
94,24,ee,53,ff,5f,91,ac,e4,a1,84,73,b6,d6,73,ef,9d,b9,d3,36,f7,33,70,f8,05,\
"rkeysecu"=hex:9c,97,c0,28,b2,82,bf,30,cf,c9,48,b5,21,79,88,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Airlink101\AWLL5025\AWLL5025.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-09-12 10:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 17:09
ComboFix2.txt 2009-09-08 02:26

Pre-Run: 89,891,467,264 bytes free
Post-Run: 89,882,140,672 bytes free

320 --- E O F --- 2009-09-09 01:40

Re: Many different problems...12th September 2009, 11:10 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Many different problems... CF_Cleanup

This will also reset your restore points.

How is the machine running now?

Re: Many different problems...13th September 2009, 2:15 am

Great, it's no longer making loud noises when it starts up. Big Grin

Re: Many different problems...13th September 2009, 4:23 pm

^ I take that back ^

It's still making noises on startup, I can't run a virus scan and it wont connect to the internet.

Re: Many different problems...14th September 2009, 12:09 am

Can you explain better? what does the noise sound like?

Download the GMER rootkit scan from here: GMER

Unzip it and start GMER.
Click the >>> tab and then click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

Many different problems...

descriptionMany different problems...28th August 2009, 3:04 pm

descriptionRe: Many different problems...31st August 2009, 4:14 am

descriptionRe: Many different problems...31st August 2009, 5:36 pm

descriptionRe: Many different problems...31st August 2009, 10:30 pm

descriptionRe: Many different problems...1st September 2009, 5:47 pm

descriptionRe: Many different problems...1st September 2009, 11:40 pm

descriptionRe: Many different problems...2nd September 2009, 12:42 am

descriptionRe: Many different problems...2nd September 2009, 1:52 am

descriptionRe: Many different problems...2nd September 2009, 1:03 pm

descriptionRe: Many different problems...2nd September 2009, 10:40 pm

descriptionRe: Many different problems...2nd September 2009, 11:53 pm

descriptionRe: Many different problems...3rd September 2009, 1:02 am

descriptionRe: Many different problems...3rd September 2009, 3:11 pm

descriptionRe: Many different problems...3rd September 2009, 10:17 pm

descriptionRe: Many different problems...7th September 2009, 2:49 am

descriptionRe: Many different problems...7th September 2009, 8:53 pm

descriptionRe: Many different problems...8th September 2009, 2:32 am

descriptionRe: Many different problems...8th September 2009, 2:33 am

descriptionRe: Many different problems...8th September 2009, 2:33 am

descriptionRe: Many different problems...8th September 2009, 2:40 pm

descriptionRe: Many different problems...9th September 2009, 1:26 am

descriptionRe: Many different problems...9th September 2009, 7:27 pm

descriptionRe: Many different problems...10th September 2009, 2:40 am

descriptionRe: Many different problems...10th September 2009, 7:17 pm

descriptionRe: Many different problems...12th September 2009, 5:18 pm

descriptionRe: Many different problems...12th September 2009, 5:19 pm

descriptionRe: Many different problems...12th September 2009, 11:10 pm

descriptionRe: Many different problems...13th September 2009, 2:15 am

descriptionRe: Many different problems...13th September 2009, 4:23 pm

descriptionRe: Many different problems...14th September 2009, 12:09 am

descriptionRe: Many different problems...