Win32.Agent.pz Removal

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Joonzii666

Thread Starter
Joined
Sep 23, 2008
Messages
2
Hey guys, I need help removing this virus. I've tried everything within my knowledge but to no avail (maybe I'm just dumb lol). So can anyone help diagnose my HijackThis log?


Thank you.


Logfile of HijackThis v1.99.1
Scan saved at 12:11:49 PM, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\analyses.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} -
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 

Joonzii666

Thread Starter
Joined
Sep 23, 2008
Messages
2
Also here is my ComboFix log.

ComboFix 08-09-22.06 - user 2008-09-24 14:12:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1514 [GMT 9.5:30]
Running from: C:\Documents and Settings\user\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Program Files\Common Files\{38C9F~1
C:\Program Files\Common Files\{F8C9F~1
C:\Program Files\Common Files\{F8C9F~1\system.dll
C:\Program Files\Common Files\{F8C9F~2
C:\Program Files\Common Files\{F8C9F~2\system.dll
C:\Program Files\Common Files\{F8C9F~2\Update.exe
C:\Program Files\Common Files\crosof~1
C:\Program Files\outlook

----- BITS: Possible infected sites -----

hxxp://www.graboid.com
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 11:50 . 2008-09-24 11:50 <DIR> d--hs---- C:\found.000
2008-09-24 10:34 . 2008-09-24 10:34 <DIR> d-------- C:\VundoFix Backups
2008-09-23 18:26 . 2008-09-23 18:26 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-23 12:40 . 2008-09-23 12:40 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\twain_32
2008-09-22 13:52 . 2008-09-24 13:53 <DIR> d--hs---- C:\WINDOWS\system32\twain_32
2008-09-22 13:52 . 2008-09-24 11:53 69,790 --a------ C:\WINDOWS\system32\twain_32\local.ds
2008-09-22 13:52 . 2008-09-24 14:17 99 --a------ C:\WINDOWS\system32\twain_32\user.ds
2008-09-22 12:35 . 2004-07-02 17:28 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-09-22 12:35 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-09-22 12:31 . 2002-01-05 04:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2008-09-22 12:31 . 2002-01-05 04:36 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2008-09-22 12:30 . 2008-09-22 12:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-09-22 12:29 . 2002-03-19 10:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2008-09-11 18:26 . 2008-09-11 18:26 <DIR> d-------- C:\Program Files\LG Soft India
2008-09-11 18:26 . 2004-04-16 11:24 61,440 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-07 15:33 . 2008-09-07 15:33 0 --a------ C:\Documents and Settings\user\jagex_runescape_preferences.dat
2008-09-07 01:08 . 2008-09-07 01:08 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-09-07 01:08 . 2008-09-07 01:08 <DIR> d-------- C:\DVDVideoSoft
2008-09-03 11:45 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-09-03 11:45 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-09-03 11:45 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-09-02 09:56 . 2008-09-02 09:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\EPSON
2008-09-02 09:56 . 2008-09-02 09:56 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-09-02 09:50 . 2008-09-03 11:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2008-09-02 09:50 . 2006-12-08 11:34 76,800 --a------ C:\WINDOWS\system32\E_FLBCAP.DLL
2008-09-02 09:50 . 2006-04-19 11:30 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAP.DLL
2008-09-02 09:50 . 2004-09-11 05:42 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-02 09:46 . 2008-09-03 11:53 <DIR> d-------- C:\Program Files\epson
2008-09-02 09:45 . 2008-09-02 09:45 25 --a------ C:\WINDOWS\CDE CX5500Asia.ini
2008-08-31 15:08 . 2008-08-31 15:08 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-08-28 06:33 . 2008-08-28 06:33 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-26 12:28 . 2008-08-26 12:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 01:03 --------- d-----w C:\Program Files\Steam
2008-09-24 01:03 --------- d-----w C:\Documents and Settings\user\Application Data\Xfire
2008-09-24 00:52 --------- d-----w C:\Documents and Settings\user\Application Data\AVG7
2008-09-23 10:24 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 07:53 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-09-22 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 10:19 --------- d-s---w C:\Program Files\Xfire
2008-09-06 15:38 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-09-02 09:23 --------- d-----w C:\Program Files\ImTOO
2008-09-02 09:21 --------- d-----w C:\Program Files\Bonjour
2008-09-02 09:20 --------- d-----w C:\Program Files\Canon
2008-09-01 07:48 --------- d-----w C:\Program Files\Windows Live
2008-09-01 07:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-08-31 05:38 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-30 06:23 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
2008-08-17 04:16 --------- d-----w C:\Program Files\Microsoft Games
2008-08-16 06:47 --------- d-----w C:\Program Files\FrostWire
2008-08-16 04:53 --------- d-----w C:\Program Files\Common Files\Canon
2008-08-15 11:21 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-08-14 13:05 --------- d-----w C:\Documents and Settings\user\Application Data\Reallusion
2008-08-14 13:04 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-08-12 05:01 --------- d-----w C:\Documents and Settings\user\Application Data\PlayFirst
2008-08-12 05:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
2008-08-11 13:54 --------- d-----w C:\Program Files\YASAMP4Converter
2008-08-11 13:32 --------- d-----w C:\Documents and Settings\user\Application Data\ImTOO Software Studio
2008-08-09 15:59 --------- d-----w C:\Program Files\Graboid
2008-08-09 13:57 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-06 10:35 --------- d-----w C:\Documents and Settings\user\Application Data\Graboid Inc
2008-08-04 12:05 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-03 07:51 --------- d-----w C:\Program Files\World of Warcraft
2008-08-02 09:49 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-02 03:51 22,328 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrK.sys
2008-08-01 09:32 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-08-01 09:32 --------- d-----w C:\Program Files\Avanquest update
2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-18 12:40 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:40 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:40 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:39 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:39 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:39 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:39 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:37 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:37 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2007-10-21 00:02 56,136 -c--a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-10-10 08:59 0 -c--a-w C:\Documents and Settings\Paulus Maximus\Application Data\wklnhst.dat
2006-06-15 11:03 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 09:13 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 05:11 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 03:40 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 02:49 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 09:05 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 01:40 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 02:12 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 01:52 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 01:51 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 580096]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-29 219136]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe [2008-09-11 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\twext.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 22:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5500 Series]
--a------ 2007-01-25 15:30 179200 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 12:41 196608 c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 16:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-09-07 22:26 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\pendu666\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\pendu666\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\pendu666\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-05-10 15172]
S3 LGDDCDevice;LGDDCDevice;C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [2007-12-24 14336]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [2007-12-24 13312]
S3 SMC2862W;SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [ ]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Config - C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0n1vm11l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 14:18:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-24 14:19:47
ComboFix-quarantined-files.txt 2008-09-24 04:49:14

Pre-Run: 34,817,908,736 bytes free
Post-Run: 37,788,319,744 bytes free

218 --- E O F --- 2008-09-10 14:46:16
 
