Free Malware Removal Forum

[Troglet]

as the title says, redirection from Google links and the "boo boop.... boop boo" cursor problems, i have tried all combination of USB slots and keyboards to no avail. also 2 mice.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:21, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\program files\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IceChat7\IceChat7.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA1BF427-E6A6-4352-B738-BA1F20D66149}: NameServer = 62.24.199.13,62.24.199.23
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6772 bytes

[jmw3]

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:

• Any recommendations made are for your computer problems only and should NOT be used on any other computer.
• Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
  1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
  2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
• If you get stuck or are unsure of something please ask for a further explanation, do not guess.
• It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

μTorrent

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

Disable Spybot's TeaTimer 1.5 & 1.6

• If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol)
• Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless
• Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy
• Click on Mode > Advanced Mode. When it prompts you, click Yes
• On the left hand side, click on Tools
• Check this box if it is not yet ticked: Resident
• You will notice that Resident is now added under Tools. Click on Resident
• Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active
• Exit Spybot Search & Destroy
• Restart your computer for the changes to take effect

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2

• Double-Click on dds.scr and a command window will appear. This is normal
• Shortly after two logs will appear, DDS.txt & Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

Gmer
Download GMER Rootkit Scanner from here.

• Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
• Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log

[Troglet]

replying to let you know im still here, will do what you say after iv been to sleep im to tired at the moment, thanks alot for the response.

[jmw3]

[Troglet]

having a problem with gmer but dds worked fine, ill try gmer again later im afraid im busy and it causes my computer to freeze up completely that may just be something separate though here is the attach and log.

attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 01/07/2009 02:24:43
System Uptime: 08/05/2009 04:12:34 (2136 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7255
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 63.034 GiB free.
D: is FIXED (NTFS) - 228 GiB total, 161.585 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 57.518 GiB free.
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_1708&SUBSYS_14627255&REV_1005\5&2BCE0AA7&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_1708&SUBSYS_14627255&REV_1005\5&2BCE0AA7&0&0001
Service:

==== System Restore Points ===================

RP1: 28/07/2009 00:48:49 - System Checkpoint
RP2: 28/07/2009 00:48:49 - Installed Sound Blaster Audigy
RP3: 28/07/2009 00:48:49 - Installed Windows Media Format Runtime
RP4: 28/07/2009 00:48:49 - Installed Creative Restore Defaults
RP5: 28/07/2009 00:48:49 - Installed Creative Software AutoUpdate
RP6: 28/07/2009 00:48:49 - Installed Sygate Personal Firewall
RP7: 28/07/2009 00:48:49 - Installed Steam
RP8: 28/07/2009 00:48:49 - Installed iTunes
RP9: 28/07/2009 00:48:49 - System Checkpoint
RP10: 28/07/2009 00:48:49 - System Checkpoint
RP11: 28/07/2009 00:48:49 - System Checkpoint
RP12: 28/07/2009 00:48:49 - System Checkpoint
RP13: 28/07/2009 00:48:49 - System Checkpoint
RP14: 28/07/2009 00:48:49 - System Checkpoint
RP15: 28/07/2009 00:48:50 - System Checkpoint
RP16: 28/07/2009 00:48:50 - System Checkpoint
RP17: 28/07/2009 00:48:50 - Installed DirectX
RP18: 28/07/2009 00:48:50 - System Checkpoint
RP19: 28/07/2009 00:48:50 - System Checkpoint
RP20: 28/07/2009 00:48:50 - Removed BBC iPlayer Desktop
RP21: 28/07/2009 00:48:50 - System Checkpoint
RP22: 28/07/2009 00:48:50 - System Checkpoint
RP23: 28/07/2009 00:48:50 - System Checkpoint
RP24: 28/07/2009 00:48:50 - System Checkpoint
RP25: 28/07/2009 00:48:51 - Installed DirectX
RP26: 28/07/2009 00:48:51 - Installed Microsoft Visual C++ 2005 Redistributable
RP27: 28/07/2009 00:48:51 - System Checkpoint
RP28: 28/07/2009 00:48:51 - Installed mkv2vob
RP29: 28/07/2009 00:48:51 - System Checkpoint
RP30: 28/07/2009 00:48:51 - System Checkpoint
RP31: 28/07/2009 00:48:51 - Software Distribution Service 3.0
RP32: 28/07/2009 00:48:51 - Software Distribution Service 3.0
RP33: 28/07/2009 00:48:51 - System Checkpoint
RP34: 28/07/2009 03:00:11 - Software Distribution Service 3.0
RP35: 29/07/2009 03:00:10 - Software Distribution Service 3.0
RP36: 30/07/2009 09:14:26 - System Checkpoint
RP37: 31/07/2009 10:35:13 - System Checkpoint

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
Alarm 2.0.4
Anno 1404
Any Video Converter 2.7.6
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Antivirus
AVIConverter CHN-EN Package
Bonjour
Call of Duty 4: Modern Warfare
Choice Guard
Company of Heroes
Counter-Strike
Counter-Strike: Source
Creative Software AutoUpdate
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp Music Converter
FlashMute
GIMP 2.6.6
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IceChat 7.63 (Build 20080417)
ImgBurn
iTunes
Java(TM) 6 Update 11
K-Lite Codec Pack 5.0.0 (Full)
Left 4 Dead
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
mkv2vob
Mozilla Firefox (3.5.2)
MSVCRT
NVIDIA Drivers
NVIDIA PhysX
OpenAL
QuickTime
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Segoe UI
Sound Blaster Audigy
Spybot - Search & Destroy
Steam
Sygate Personal Firewall
Team Fortress 2
Trials 2 Second Edition
TweetDeck
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Viewpoint Media Player
VLC media player 1.0.0-rc4
WebFldrs XP
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

31/07/2009 07:38:11, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
30/07/2009 18:35:03, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
30/07/2009 18:16:01, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
29/07/2009 18:20:44, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

==== End Of File ===========================

dds:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Troglet at 4:32:01.18 on 05/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1211 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090804-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\program files\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FlashMute\FlashMute.exe
svchost.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\IceChat7\IceChat7.exe
C:\Documents and Settings\Troglet\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "d:\program files\steam.exe" -silent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [FlashMute] c:\program files\flashmute\FlashMute.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\troglet\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {EA1BF427-E6A6-4352-B738-BA1F20D66149} = 62.24.199.13,62.24.199.23
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\troglet\applic~1\mozilla\firefox\profiles\mla1ic55.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\program files\java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_11.dll
FF - plugin: c:\program files\java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-1 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-1 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-1 352920]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-08-04 22:07 <DIR> --d----- c:\documents and settings\troglet\.thumbnails
2009-08-04 21:56 <DIR> --d----- c:\documents and settings\troglet\.gimp-2.6
2009-08-04 21:56 <DIR> --d----- c:\documents and settings\troglet\.gegl-0.0
2009-08-04 21:56 <DIR> --d----- c:\program files\GIMP-2.0
2009-08-01 23:02 <DIR> --d----- c:\program files\Trend Micro
2009-07-31 07:24 <DIR> --d----- c:\docume~1\troglet\applic~1\Malwarebytes
2009-07-31 07:24 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-31 07:24 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-31 07:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-31 07:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 19:23 200 a------- c:\windows\wininit.ini
2009-07-30 18:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-30 18:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-29 20:48 <DIR> --d----- c:\docume~1\troglet\applic~1\dBpoweramp
2009-07-28 00:52 168,448 a------- c:\windows\system32\unrar.dll
2009-07-28 00:52 839,680 a------- c:\windows\system32\lameACM.acm
2009-07-28 00:52 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-07-28 00:52 118,784 a------- c:\windows\system32\ac3acm.acm
2009-07-28 00:52 414 a------- c:\windows\system32\lame_acm.xml
2009-07-28 00:52 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-07-28 00:52 881,664 a------- c:\windows\system32\xvidcore.dll
2009-07-28 00:52 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-07-28 00:52 90,112 a------- c:\windows\system32\dpl100.dll
2009-07-28 00:52 685,056 a------- c:\windows\system32\divx.dll
2009-07-28 00:52 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-07-28 00:52 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-07-28 00:52 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-07-27 20:06 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-27 20:05 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-26 17:04 <DIR> --d----- c:\docume~1\troglet\applic~1\Any Video Converter
2009-07-26 17:04 <DIR> --d----- c:\program files\Any Video Converter
2009-07-26 05:27 <DIR> --d----- c:\docume~1\troglet\applic~1\AccurateRip
2009-07-26 05:26 5,433,520 a------- c:\windows\system32\SpoonUninstall.exe
2009-07-26 05:26 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-07-26 05:26 14,362 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-26 05:26 <DIR> --d----- c:\program files\dBpoweramp
2009-07-24 02:57 41,872 a------- c:\windows\system32\xfcodec.dll
2009-07-23 19:25 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-23 19:25 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-07-23 19:24 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-23 19:24 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-23 19:24 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-23 19:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-23 19:22 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-23 19:22 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-23 19:22 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-07-23 19:21 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-23 06:26 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-23 04:51 <DIR> --d----- c:\program files\FlashMute
2009-07-21 02:25 <DIR> --d----- c:\documents and settings\troglet\Incomplete
2009-07-21 02:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-21 02:21 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-20 14:22 <DIR> --d----- c:\program files\mkv2vob
2009-07-20 13:43 <DIR> --d----- c:\program files\iPod
2009-07-20 13:43 <DIR> --d----- c:\program files\iTunes
2009-07-18 13:02 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-07-18 13:02 443,752 a------- c:\windows\system32\d3dx10_33.dll
2009-07-18 13:02 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-07-17 01:21 <DIR> --d----- c:\documents and settings\troglet\dwhelper
2009-07-13 04:53 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-13 04:21 <DIR> --d----- c:\docume~1\troglet\applic~1\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-07-10 10:05 140,488 a------- c:\windows\system32\comdlg32.ocx
2009-07-10 10:05 61,440 a------- c:\windows\system32\digitbox.ocx
2009-07-10 10:05 <DIR> --d----- c:\program files\Alarm
2009-07-10 03:24 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2009-07-10 03:24 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-07-10 03:24 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-10 03:24 <DIR> --d----- c:\program files\OpenAL
2009-07-10 03:24 <DIR> --d----- c:\program files\Trials 2 Second Edition
2009-07-08 15:51 38 a------- c:\windows\AviSplitter.INI
2009-07-08 14:37 <DIR> --d----- c:\program files\TweetDeck

==================== Find3M ====================

2009-07-10 03:24 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-02 09:44 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-01 02:19 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-26 17:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 17:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll

============= FINISH: 4:36:23.00 ===============

[jmw3]

Hi
Did you disable Spybot's TeaTimer before running Gmer? You can also try unticking Services in Gmer & see if that helps.

If you still have no luck try this one:
SysProt
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under Attachments, or you can get it from one of the mirrors) then unzip it into a folder on your desktop.
http://sites.google.com/site/sysprotantirootkit/

• Double click Sysprot.exe to start the program
• Click on the Log tab
• In the Write to log box select all items
• Click on the Create Log button on the bottom right
• After a few seconds a new window should appear
• Select Scan Root Drive then click on the Start button
• When it is complete a new window will appear to indicate that the scan is finished
• The log will be saved automatically in the same folder Sysprot.exe was extracted to
• Open the text file and copy/paste the contents of the log in your next reply

[Troglet]

still here still doing stuff just busy sorry

[jmw3]

Hi
Please try not to leave it too much longer otherwise this thread will have to be closed.

Thanks

[Troglet]

ok so my computer completely died not long after what i assume now was a fake windows update (yeah yeah i know i thought i just had some popup problems not full blown virtual aids i have reinstalled windows on the same harddrive (C:\WINDOWS0\) im going to move over important files (basically just bookmarks, i had everything else important on separate HD) then reformat will update then, this will almost certainly get rid of the popups and mouse lag

[jmw3]

OK... no worries.

[Troglet]

reinstalled windows and most programs, seems to be working fine thanks for the help you can close/delete topic

[jmw3]

Ok... will do.

Good luck & Safe Surfing.

[Troglet]

wait wait, all of a sudden after going to sleep with computer running steam was downloading games and it says "fatal error during installation" and my D:\ drive is gone (what it was installed on) what happened how do i get it back?

nevermind did some rebooting and looked around in BIOS got the drive back thanks

[jmw3]

Hi

Just to clarify... do you need some assistance here or is everything OK?

[Troglet]

no everything is good now thanks, the drive has shown back up after fking with BIOS and rebooting a couple times, thanks alot