EN

The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

FORUMS

SEARCH FORUM

Redirecting Virus????? Please help

Posted 7/10/2009 7:36 AM
#75033
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
when i go to maplestory.nexon.net a virus redirects me to a porn website (WTF).

NOTE: It redirects only one website which is maplestory.nexon.net

I performed a quick scan from malwarebytes program and found 4 trojan agents... After that i went maplestory.nexon.net and still got redirected

I got this virus yesterday from downloading a program for a game.


The tools i already have: CCleaner, Malwarebytes, AVG, McAFee, Hijackthis, Advanced system care.


The hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:47 PM, on 10/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Manu\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Manu\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://au.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O1 - Hosts: 74.206.175.177 nexon.net
O1 - Hosts: 74.206.175.177 www.nexon.net
O1 - Hosts: 74.206.175.177 maplestory.nexon.net
O1 - Hosts: 74.206.175.177 maplestory.com
O1 - Hosts: 74.206.175.177 www.maplestory.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Manu\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA7D6CE-8903-40F9-8594-4A7586BC7A97}: NameServer = 192.168.2.1,10.0.0.138
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11781 bytes





Looking for help... Thanks
:smilewinkgrin:
Posted 7/10/2009 7:38 AM
#75034
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
Running full scan from malwarebytes' anti malware at the moment xD
Posted 7/10/2009 8:43 AM
#75036
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok ;-)

It looks like you have 3 antivirus running - AVG8/norton and McAfee. Which one do you prefer ?
""Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
Not more."

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 7/10/2009 1:03 PM
#75039
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
ohh dude.. how come Malware thing didnt detect anything????

here's the log
Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 6.0.6001 Service Pack 1

10/07/2009 9:02:06 PM
mbam-log-2009-07-10 (21-02-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 277627
Time elapsed: 2 hour(s), 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Posted 7/10/2009 1:06 PM
#75040
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
Ok ill try to do the full scan in AVG.. (McAFee is toooo slow..!)
Posted 7/10/2009 2:09 PM
#75042
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
unistalled McAfee
Posted 7/10/2009 2:26 PM
#75044
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
AVG found nothing...
Posted 7/10/2009 3:37 PM
#75048
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Let´s see a combolog ->





Please download Combofix:

[color=#0000ff>Here[/url]

And save to the desktop.



Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here[/color][/b][/url].



Close all other browser windows.

Double-click on the combofix icon found on your desktop.



Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.



Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 7/11/2009 2:59 AM
#75064
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
ok done..

ComboFix 09-07-09.08 - Manu 11/07/2009 10:48.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2046.1236 [GMT 8:00]
Running from: c:\users\Manu\Desktop\ComboFix.exe
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-857502479-4244170445-3684516530-500
c:\windows\Installer\451c67.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-10 14:24 . 2009-06-26 08:00 327688 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-10 14:24 . 2009-06-26 08:00 2052376 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-10 14:24 . 2009-06-26 08:00 493336 ----a-w- c:\programdata\avg8\update\backup\avgtbapi.dll
2009-07-10 14:24 . 2009-06-26 08:00 2167576 ----a-w- c:\programdata\avg8\update\backup\avgresf.dll
2009-07-10 14:24 . 2009-06-26 08:00 3402008 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-10 14:24 . 2009-06-26 08:00 1204504 ----a-w- c:\programdata\avg8\update\backup\avgabout.dll
2009-07-10 14:24 . 2009-06-26 08:00 337176 ----a-w- c:\programdata\avg8\update\backup\avglogx.dll
2009-07-10 14:24 . 2009-06-26 08:00 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-10 14:24 . 2009-06-26 08:00 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-07-10 14:22 . 2009-06-26 07:58 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-10 14:22 . 2009-06-26 07:58 1454360 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-10 06:19 . 2009-07-10 06:19 -------- d-----w- c:\program files\CCleaner
2009-07-10 05:11 . 2009-07-10 05:11 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-09 11:16 . 2009-07-10 13:58 -------- d-----w- c:\users\Manu\AppData\Roaming\Canon
2009-07-09 07:27 . 2009-07-10 02:15 45056 ----a-r- c:\users\Manu\AppData\Roaming\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe1_193428D8940D435188F60AFA7D1E3CB8.exe
2009-07-09 07:27 . 2009-07-10 02:15 45056 ----a-r- c:\users\Manu\AppData\Roaming\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe_193428D8940D435188F60AFA7D1E3CB8.exe
2009-07-09 07:24 . 2009-07-09 07:24 -------- d-----w- C:\Nexon
2009-07-09 05:17 . 2009-07-10 13:56 -------- d-----w- c:\program files\Pando Networks
2009-07-03 13:18 . 2009-07-10 13:57 -------- d-----w- c:\program files\Persona
2009-07-03 09:02 . 2009-07-03 09:02 -------- d-----w- C:\Netgame
2009-07-01 23:26 . 2009-07-01 23:26 -------- d-----w- c:\program files\Conduit
2009-07-01 23:26 . 2009-07-01 23:26 -------- d-----w- c:\program files\PHPNukeEN
2009-07-01 11:11 . 2009-07-01 12:17 -------- d-----w- c:\users\Manu\AppData\Roaming\Nero
2009-07-01 10:53 . 2009-07-01 11:07 -------- d-----w- c:\program files\Nero
2009-07-01 10:52 . 2009-07-01 10:57 -------- d-----w- c:\programdata\Nero
2009-07-01 10:52 . 2009-07-01 11:09 -------- d-----w- c:\program files\Common Files\Nero
2009-07-01 10:51 . 2008-08-20 03:33 1315328 ----a-w- c:\windows\system32\ole32.dll
2009-07-01 00:02 . 2009-07-03 09:00 -------- d-----w- c:\program files\SlySoft
2009-06-30 23:46 . 2009-07-08 09:22 -------- d-----w- c:\program files\Warcraft III
2009-06-28 14:02 . 2009-07-09 11:16 -------- d-----w- c:\programdata\CanonIJPLM
2009-06-28 13:57 . 2009-06-28 13:57 -------- d-----w- c:\program files\Common Files\CANON
2009-06-28 13:50 . 2008-02-25 20:00 230912 ----a-w- c:\windows\system32\CNMLM9I.DLL
2009-06-28 13:50 . 2009-06-28 13:52 -------- d-----w- c:\users\Manu\{670849b5-97e4-402a-8128-8c926975cd77}
2009-06-26 09:23 . 2009-06-26 09:23 -------- d-----w- c:\users\Manu\AppData\Local\AVG Security Toolbar
2009-06-26 08:01 . 2009-06-26 08:01 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-16 23:41 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-06-16 23:41 . 2009-06-16 23:42 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-16 08:52 . 2009-06-16 08:53 -------- d-----w- c:\program files\BitTorrent
2009-06-13 13:51 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 13:51 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 14:29 . 2008-09-26 14:38 -------- d-----w- c:\programdata\McAfee
2009-07-10 14:23 . 2008-12-03 10:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 13:58 . 2009-05-01 13:15 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-10 13:58 . 2008-10-14 08:30 -------- d-----w- c:\program files\Canon
2009-07-10 05:11 . 2008-12-29 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 05:05 . 2008-12-03 10:39 -------- d-----w- c:\programdata\avg8
2009-07-10 04:04 . 2008-09-26 13:51 -------- d-----w- c:\program files\Steam
2009-07-08 09:04 . 2008-09-26 15:29 189800 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-08 08:48 . 2008-09-26 15:29 138608 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-04 09:10 . 2009-01-24 07:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-03 10:27 . 2008-09-26 13:51 -------- d-----w- c:\program files\Common Files\Steam
2009-07-03 10:26 . 2008-12-19 07:19 119504 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 09:56 . 2007-12-11 04:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-03 09:09 . 2007-12-11 04:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 09:08 . 2007-12-11 04:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-03 09:02 . 2009-03-31 08:16 -------- d-----w- c:\program files\Netgame
2009-06-26 08:00 . 2009-01-27 12:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 08:00 . 2008-12-03 10:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 03:27 . 2008-12-29 09:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 03:27 . 2008-12-29 09:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 08:52 . 2009-04-15 11:04 -------- d-----w- c:\program files\DNA
2009-06-14 23:25 . 2007-12-11 04:27 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 08:46 . 2007-12-11 04:26 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 13:53 . 2009-05-30 07:49 -------- d-----w- c:\users\Manu\AppData\Roaming\Bioshock
2009-05-31 10:01 . 2009-05-31 10:01 -------- d-----w- c:\users\Manu\AppData\Roaming\EBookSys
2009-05-30 07:43 . 2008-09-26 14:31 -------- d-----w- c:\users\Manu\AppData\Roaming\Media Center Programs
2009-05-30 07:40 . 2009-05-30 07:40 16311648 ----a-w- c:\users\Manu\AppData\Roaming\2K Games\BioShock\Builds\Release\Bioshock.exe
2009-05-30 07:39 . 2009-05-30 07:39 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-30 07:24 . 2009-05-30 07:24 -------- d-----w- c:\users\Manu\AppData\Roaming\InstallShield Installation Information
2009-05-30 07:24 . 2009-05-30 07:24 -------- d-----w- c:\users\Manu\AppData\Roaming\2K Games
2009-05-24 14:04 . 2009-05-24 14:04 -------- d-----w- c:\program files\Apple Software Update
2009-05-24 14:04 . 2009-05-24 14:04 -------- d-----w- c:\programdata\Apple
2009-05-15 08:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-15 00:02 . 2009-05-15 00:02 2373416 ----a-w- c:\programdata\Nero\Nero\DrWeb\DrWeb32.dll
2009-05-14 23:50 . 2009-05-14 23:50 2373416 ----a-w- c:\programdata\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-05-13 15:25 . 2008-09-26 15:38 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-05-13 15:25 . 2008-09-26 15:38 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-05-13 15:25 . 2008-09-26 15:38 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-05-13 15:25 . 2008-06-26 22:08 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-13 15:24 . 2008-09-26 15:37 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-05-09 05:50 . 2009-06-10 09:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-23 12:43 . 2009-06-10 08:55 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 09:14 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 06:49 . 2008-09-26 14:36 119504 ----a-w- c:\users\Manu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-21 11:55 . 2009-06-10 09:28 2033152 ----a-w- c:\windows\system32\win32k.sys
2007-12-11 03:49 . 2007-12-11 03:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 08:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-02-16 07:44 1882136 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Steam"="c:\program files\steam\steam.exe" [2009-06-14 1217784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6FE061E2-6D09-4E49-B04A-F70822468311}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8689B1A0-C88B-45A9-BAE4-0EA68AE0FCFE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{49D68890-468E-473C-A3F8-363D47569278}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4770A1D3-3DCC-4C34-BB0B-A68BC24E7D8D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9C8D30A8-064B-4847-AEE4-5B9A4EF8B7D2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8F71029B-E015-42D1-8370-9F101AE1235A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{72EA5B3B-DF06-4BCA-8D6A-EA66DD2FFAD0}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= UDP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"UDP Query User{125ED9B1-ADAC-449D-B34A-7C57A73FDB9C}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= TCP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"{5140C26E-7B5D-47EA-8C53-25CFEB79854B}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B0C00538-CBB0-4B46-A543-48E422FFA74B}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{3B9CEE44-91FD-45B5-87DB-594AAEAA8516}c:\\program files\\steam\\steamapps\\caha11\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\caha11\team fortress 2\hl2.exe:hl2
"UDP Query User{70DF8705-B306-4028-9F79-043BA58580CD}c:\\program files\\steam\\steamapps\\caha11\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\caha11\team fortress 2\hl2.exe:hl2
"{8856FBE3-2F47-484F-B38D-D691031B7BB7}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{63710C16-05D6-43C5-B211-516AA07C549F}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{4361748C-88AA-4569-A3EA-7FFB82AD8C01}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{11F4D765-1545-4E23-A001-597289BF71ED}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{43CBC44A-F141-4325-9B21-A16BCEF50E91}"= UDP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torque
"{9A777DD1-1D17-4702-8EA7-166199E66B35}"= TCP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torque
"TCP Query User{84D6C7D9-25C4-476F-9AA2-B1686B3F6853}c:\\users\\manu\\dragonbot1.4a_full\\dragonbot\\mirc.exe"= UDP:c:\users\manu\dragonbot1.4a_full\dragonbot\mirc.exe:mirc.exe
"UDP Query User{C089B7D5-2F40-402D-A2A1-FA50DF753BE8}c:\\users\\manu\\dragonbot1.4a_full\\dragonbot\\mirc.exe"= TCP:c:\users\manu\dragonbot1.4a_full\dragonbot\mirc.exe:mirc.exe
"TCP Query User{E6798FBB-06E0-49B1-809E-F17A0E1860AA}c:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= UDP:c:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam
"UDP Query User{39CAF706-8E19-454B-A2B9-8D2CB270B9A4}c:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= TCP:c:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam
"{6BD9DB6E-4D5F-4D61-9677-6F8379D0A856}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{F0C5C463-6FBD-4333-BF5F-DDA8EE22C6E3}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{47474CC2-F32F-40FE-A7FD-6B880976E89F}c:\\users\\manu\\program files\\dna\\btdna.exe"= UDP:c:\users\manu\program files\dna\btdna.exe:btdna.exe
"UDP Query User{89832368-05BB-447A-ACBD-605B25A7D9AA}c:\\users\\manu\\program files\\dna\\btdna.exe"= TCP:c:\users\manu\program files\dna\btdna.exe:btdna.exe
"{E8CCCB1F-D909-4CC7-BEC7-FD77CEE45BBE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{841BE63E-D49C-46ED-B763-0844DFEE9A40}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{D64A2B40-07E8-427E-ABF0-25D7E9375E6C}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{6D1DCF9A-45F3-448E-B601-F2004AE68D90}"= UDP:5353:Adobe CSI CS4
"{523E5D3B-4EE6-4BBB-9BE0-34EF7C7B22BE}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A0204CFE-C4C7-4A13-9F3E-B26F8D30908F}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{564E2297-1347-4623-B39A-62280B125B1E}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{DCFEF150-9A6E-4FFC-BDB2-5AEAE420F848}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{7B35C3B1-C266-4BF6-8EF1-F88714C32EE8}c:\\program files\\steam\\steamapps\\caha11\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\caha11\team fortress 2\hl2.exe:hl2
"UDP Query User{843E054E-2D52-4B75-BD01-F0719C71D2E1}c:\\program files\\steam\\steamapps\\caha11\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\caha11\team fortress 2\hl2.exe:hl2
"{E3BD4F78-96F0-43C3-A6E9-43CC579900F2}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{AE6F7D62-D39C-47FC-ADB4-AFCBD62EC82F}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{9A4E9918-171C-43D7-A2B1-667B645E14CC}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A6D28D2D-E910-4447-80BA-41A770443CB2}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{1B87B773-D143-4238-BA69-B03F6EB3A56B}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9145A047-C1FA-4CC0-8C90-FB966C003222}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{8FC35CA2-5CFD-4558-9DDF-E06286781DF7}"= UDP:c:\program files\Garena\Garena.exe:Garena
"{9F933FB3-3EC0-437D-A385-0E3BB7ED64B2}"= TCP:c:\program files\Garena\Garena.exe:Garena
"{CF87C846-3045-4A1F-981E-D45B710A91F1}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{0D39BD40-8ABB-4318-8E7A-B51CB98D6D8F}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/12/2008 6:40 PM 335752]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/01/2009 8:19 PM 298776]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [18/03/2009 6:08 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [11/12/2007 12:39 PM 180272]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-15 01:55]

2009-07-11 c:\windows\Tasks\User_Feed_Synchronization-{61F0EE8C-A87D-4AE8-AA15-83606F46CACA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-27 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS


.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop
uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {3FA7D6CE-8903-40F9-8594-4A7586BC7A97} = 192.168.2.1,10.0.0.138
FF - ProfilePath - c:\users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\1zd68qst.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-07-11 10:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Manu\AppData\Local\Temp\BSQ5BDC.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3420107519-1398025699-341120056-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,2c,0b,a6,ce,89,ec,c6,75,8e,ec,c2,6f,0c,bc,78,66,83,c5,b0,20,34,2a,
0f,7f,31,45,7a,b0,ff,2b,90,22,db,93,fd,60,59,0b,71,ac,d7,d1,57,3a,6a,52,93,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
Completion time: 2009-07-11 10:55
ComboFix-quarantined-files.txt 2009-07-11 02:55

Pre-Run: 204,443,254,784 bytes free
Post-Run: 203,776,655,360 bytes free

271 --- E O F --- 2009-07-10 00:37
Posted 7/11/2009 3:01 AM
#75065
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
in case you need this O.o here's AVG log

AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.387
Virus Database: Version 270.13.9/2229 2009-07-10

C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\Documents and Settings\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\016714a7cfe210a9bb1fdbb632480ad2_5f271c48-7266-4b47-a26c-26bb63072ec4 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\373d18cc68361ffb0e1ae7418f8e4d64_5f271c48-7266-4b47-a26c-26bb63072ec4 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\815ff282da9c18044ac643f105db05ad_5f271c48-7266-4b47-a26c-26bb63072ec4 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\82767fa7023e5a6b40fa7a4d39c5e194_5f271c48-7266-4b47-a26c-26bb63072ec4 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8c076efcf83fee9995a2de6e0e38a5e4_5f271c48-7266-4b47-a26c-26bb63072ec4 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d31d6da4f118dc110dcc5581ad4e9f03_5f271c48-7266-4b47-a26c-26bb63072ec4 Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Administrator\AppData\Local\History\ Locked file. Not tested.
C:\Users\Administrator\Documents\My Music\ Locked file. Not tested.
C:\Users\Administrator\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Administrator\Documents\My Videos\ Locked file. Not tested.
C:\Users\Administrator\NetHood\ Locked file. Not tested.
C:\Users\Administrator\PrintHood\ Locked file. Not tested.
C:\Users\Administrator\Templates\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Manu\AppData\Local\History\ Locked file. Not tested.
C:\Users\Manu\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Manu\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Manu\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Manu\Documents\My Music\ Locked file. Not tested.
C:\Users\Manu\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Manu\Documents\My Videos\ Locked file. Not tested.
C:\Users\Manu\NetHood\ Locked file. Not tested.
C:\Users\Manu\NTUSER.DAT Locked file. Not tested.
C:\Users\Manu\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Manu\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Manu\PrintHood\ Locked file. Not tested.
C:\Users\Manu\Templates\ Locked file. Not tested.
C:\Users\Mcx1\AppData\Local\History\ Locked file. Not tested.
C:\Users\Mcx1\Documents\My Music\ Locked file. Not tested.
C:\Users\Mcx1\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Mcx1\Documents\My Videos\ Locked file. Not tested.
C:\Users\Mcx1\NetHood\ Locked file. Not tested.
C:\Users\Mcx1\PrintHood\ Locked file. Not tested.
C:\Users\Mcx1\Recent\ Locked file. Not tested.
C:\Users\Mcx1\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\catroot2\edb.log Locked file. Not tested.
C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\WINDOWS\System32\config\COMPONENTS Locked file. Not tested.
C:\WINDOWS\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\DEFAULT Locked file. Not tested.
C:\WINDOWS\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\COMPONENTS Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SAM Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\WINDOWS\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\WINDOWS\System32\config\SAM Locked file. Not tested.
C:\WINDOWS\System32\config\SAM.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SAM.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\SOFTWARE Locked file. Not tested.
C:\WINDOWS\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\SYSTEM Locked file. Not tested.
C:\WINDOWS\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\WINDOWS\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\WINDOWS\System32\config\systemprofile\AppData\Local\History\ Locked file. Not tested.
C:\WINDOWS\System32\config\systemprofile\Documents\My Music\ Locked file. Not tested.
C:\WINDOWS\System32\config\systemprofile\Documents\My Pictures\ Locked file. Not tested.
C:\WINDOWS\System32\config\systemprofile\Documents\My Videos\ Locked file. Not tested.
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 510760
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
Posted 7/11/2009 5:59 AM
#75070
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks clean.




Please post fresh hijackthis log.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 7/11/2009 12:44 PM
#75074
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:35 PM, on 11/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Manu\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.ninemsn.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://au.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Manu\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA7D6CE-8903-40F9-8594-4A7586BC7A97}: NameServer = 192.168.2.1,10.0.0.138
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12199 bytes
Posted 7/11/2009 1:10 PM
#75075
User avatar

TheDude123 Valued member

Date Joined Nov 2016
Total Posts: 10
its not there now.. i dont know what happened ... thanks for the help
Posted 7/12/2009 6:40 AM
#75100
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
We have fixed it ;-)





Now your computer problems are solved, it is time for the clean-up procedure ->

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.



Click START then RUN

Now type Combofix /u in the runbox and click OK.

Note the space between the X and the U, it needs to be there.


The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present.
The C:\Deckard folder, if present.
The C:_OtMoveIt folder, if present.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.


To learn more about how to protect yourself while on the internet, please read Tony Klein´s guide:

https://www.spywareinfoforum.com/index.php?showtopic=60955


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 8/4/2009 4:18 AM
#75678
User avatar

Charlie Weber Member

Date Joined Nov 2016
Total Posts: 1
hey I down loaded ares and tried to get rid of it and it told me not all of the file could be erased. now I'm left with a slow computer and a file that came with ares that is un deletable. ( file name:PHPNukeEn)
what do I do to get rid of it?
Posted 8/4/2009 4:26 AM
#75680
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello Charlie Weber :smile:





Download This program.

and save it on the desktop. Then double click on it (Fix_download.exe).

You may have to allow the program to download files from the web!

The program download the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix. – if the instructions not automatically opens, so
double-click "FIX_manual.htm" in Fix folder.

Please follow the instructions and copy the logs, in your own NEW Topic.



Note : Fix_download.exe is detected by some antivirus programs as a "RiskTool" /infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If necessary, temporarily disable your anti-virus, real-time protection before downloading






Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Bit Torrent software, before we clean your computer.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Saturday, July 2, 2022, 1:30 PM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,684 registered members. Please welcome our newest member, james44.
30 Guest(s), 0 Registered Member(s) are currently online.