zerokool81

About zerokool81

  • Rank
    Newbie
  1. Thanks for the help, I'm really thankful. I also did everything in the current reply. Thanks again.
  2. Here you go: HJT results and two Malwarebytes scans.
     mbam_log_2009_10_07__04_39_37_.txt mbam_log_2009_10_07__09_56_13_.txt
  3. Here's the Kaspersky scan results:

     KASPERSKY ONLINE SCANNER 7.0: scan report
     Tuesday, October 6, 2009
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Tuesday, October 06, 2009 23:07:29
     Records in database: 2924226

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     A:\ C:\ D:\ E:\

     Scan statistics:
     Objects scanned: 57186
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 01:08:53

     No threats found. Scanned area is clean.
     Selected area has been scanned.
  4. For the Malwarebytes, I've been using it. The most recent scan I did I made sure was updated, and nothing still came up, but if you would like I will run another full scan and post the results.
  5. Hi, here's from the first one you requested:

     VirSCAN.org Scanned Report :
     Scanned time : 2009/10/06 18:19:30 (EDT)
     Scanner results: All Scanners reported not find malware!
     File Name : sfcfiles.dll
     File Size : 1614848 byte
     File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
     MD5 : 89e53bcd2aac82523ffa9fc2580c1e62
     SHA1 : 196ecd29bc68aaa149f9f5a452da081e85fae797
     Online report : http://virscan.org/report/d668f0ec5d36aa30...9d25ec869e.html

     Scanner Engine Ver Sig Ver Sig Date Time Scan result
     a-squared 4.5.0.8 20091007053116 2009-10-07 4.32 -
     AhnLab V3 2009.10.07.00 2009.10.07 2009-10-07 0.94 -
     AntiVir 8.2.1.33 7.1.6.80 2009-10-06 0.48 -
     Antiy 2.0.18 20091005.2966709 2009-10-05 0.12 -
     Arcavir 2009 200910061754 2009-10-06 0.06 -
     Authentium 5.1.1 200910061740 2009-10-06 1.17 -
     AVAST! 4.7.4 091005-0 2009-10-05 0.07 -
     AVG 8.5.288 270.14.5/2418 2009-10-07 0.33 -
     BitDefender 7.81008.4317271 7.28125 2009-10-07 3.69 -
     CA (VET) 9.0.0.143 35.1.7053 2009-10-06 5.79 -
     ClamAV 0.95.2 9866 2009-10-03 0.20 -
     Comodo 3.11 2524 2009-10-06 0.74 -
     CP Secure 1.3.0.5 2009.10.06 2009-10-06 0.00 -
     Dr.Web 4.44.0.9170 2009.10.06 2009-10-06 5.55 -
     F-Prot 4.4.4.56 20091006 2009-10-06 1.17 -
     F-Secure 7.02.73807 2009.10.06.17 2009-10-06 0.12 -
     Fortinet 2.81-3.120 10.912 2009-10-06 0.24 -
     GData 19.8250/19.501 20091006 2009-10-06 5.35 -
     ViRobot 20091006 2009.10.06 2009-10-06 0.43 -
     Ikarus T3.1.01.72 2009.10.06.73962 2009-10-06 4.14 -
     JiangMin 11.0.800 2009.10.05 2009-10-05 3.90 -
     Kaspersky 5.5.10 2009.10.06 2009-10-06 0.06 -
     KingSoft 2009.2.5.15 2009.10.6.18 2009-10-06 0.51 -
     McAfee 5.3.00 5763 2009-10-06 3.29 -
     Microsoft 1.5101 2009.10.06 2009-10-06 5.46 -
     Norman 6.01.09 6.01.00 2009-09-16 1.84 -
     Panda 9.05.01 2009.10.06 2009-10-06 2.08 -
     Trend Micro 8.700-1004 6.512.02 2009-10-06 0.07 -
     Quick Heal 10.00 2009.10.06 2009-10-06 2.29 -
     Rising 20.0 21.49.22.00 2009-09-30 0.84 -
     Sophos 2.90.1 4.45 2009-10-07 3.56 -
     Sunbelt 5432 5432 2009-10-06 1.54 -
     Symantec 1.3.0.24 20091006.005 2009-10-06 0.06 -
     nProtect 20091006.01 5735552 2009-10-06 6.91 -
     The Hacker 6.5.0.2 v00032 2009-10-06 0.73 -
     VBA32 3.12.10.11 20091005.0813 2009-10-05 1.83 -
     VirusBuster 4.5.11.10 10.112.60/1943189 2009-10-06 2.44 -
  6. here it is ComboFix 09-10-04.01 - Administrator 10/05/2009 15:11.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.757 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe AV: avast! antivirus 4.8.1356 [VPS 091004-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\ADMINI~1\LOCALS~1\Temp\462219sys.dll c:\documents and settings\Administrator\Local Settings\Temp\462219sys.dll c:\windows\Installer\858b1f2.msi . ((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 ))))))))))))))))))))))))))))))) . 2009-10-04 16:44 . 2009-10-04 16:44 -------- d-----w- c:\program files\Trend Micro 2009-10-04 05:32 . 2009-10-05 11:16 -------- d-----w- c:\program files\WinClamAVShield 2009-10-04 05:26 . 2009-10-04 05:26 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2009-10-04 05:26 . 2009-10-05 11:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator 2009-10-04 05:26 . 2009-10-05 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2009-10-04 05:26 . 2009-10-04 06:32 -------- d-----w- c:\program files\Spyware Terminator 2009-10-04 04:31 . 2009-10-04 04:30 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-10-04 04:30 . 2009-10-04 04:31 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6 2009-10-04 04:20 . 2009-10-04 04:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8 2009-10-04 01:00 . 2009-10-05 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-04 01:00 . 2009-10-04 01:02 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-03 21:52 . 
2009-10-03 22:25 -------- d-----w- c:\program files\Win32.TrojanPWS.OnlineGames Removal Tool 2009-10-01 17:20 . 2008-04-14 08:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2009-09-29 19:13 . 2008-04-14 08:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-09-29 19:13 . 2008-04-14 08:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2009-09-29 19:11 . 2004-04-14 15:08 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys 2009-09-29 19:11 . 2004-04-14 15:08 44064 ----a-w- c:\windows\system32\drivers\WmXlCore.sys 2009-09-29 19:11 . 2004-04-14 15:08 21280 ----a-w- c:\windows\system32\drivers\WmFilter.sys 2009-09-29 19:11 . 2004-04-14 15:08 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys 2009-09-29 19:11 . 2009-09-29 19:11 -------- d-----w- c:\program files\Common Files\Logitech 2009-09-27 00:35 . 2009-09-27 00:35 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-09-27 00:30 . 2009-05-29 00:25 69000 ----a-w- c:\windows\system32\zlcomm.dll 2009-09-27 00:30 . 2009-05-29 00:25 103816 ----a-w- c:\windows\system32\zlcommdb.dll 2009-09-27 00:30 . 2009-10-05 09:25 -------- d-----w- c:\windows\system32\ZoneLabs 2009-09-27 00:30 . 2009-09-27 00:30 -------- d-----w- c:\program files\Zone Labs 2009-09-27 00:30 . 2009-05-29 00:25 1221512 ----a-w- c:\windows\system32\zpeng25.dll 2009-09-27 00:29 . 2009-10-05 19:18 -------- d-----w- c:\windows\Internet Logs 2009-09-25 23:48 . 2009-09-25 23:48 -------- d-----w- c:\documents and settings\Administrator\Downloads 2009-09-25 18:13 . 2009-09-27 00:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\CheckPoint 2009-09-24 15:55 . 2009-09-24 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard 2009-09-24 15:54 . 2009-09-24 15:54 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-09-22 14:37 . 2009-09-22 14:37 -------- d-----w- c:\program files\MSXML 4.0 2009-09-22 01:14 . 
2009-09-22 01:17 -------- d-----w- c:\program files\Nero 2009-09-22 00:47 . 2009-09-22 03:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero 2009-09-22 00:01 . 2009-09-22 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-09-22 00:01 . 2009-09-22 01:19 -------- d-----w- c:\program files\Common Files\Nero 2009-09-20 17:34 . 2009-09-20 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2009-09-20 17:34 . 2009-09-20 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU 2009-09-20 17:32 . 2009-09-20 17:33 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-09-20 17:32 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-09-20 17:32 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-09-20 17:32 . 2008-08-13 15:22 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-09-20 17:32 . 2009-09-20 17:33 -------- d-----w- c:\program files\AVS4YOU 2009-09-20 17:32 . 2008-08-13 15:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2009-09-20 03:54 . 2009-09-20 03:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink 2009-09-20 03:53 . 2009-09-20 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-09-20 03:53 . 2009-09-20 03:53 -------- d-----w- c:\program files\Common Files\CyberLink 2009-09-20 03:52 . 2009-09-20 03:53 -------- d-----w- c:\program files\CyberLink 2009-09-20 03:52 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-09-20 03:08 . 2009-09-20 03:08 -------- d-----w- c:\program files\Windows Media Connect 2 2009-09-20 03:07 . 2009-09-20 03:07 -------- d-----w- c:\windows\system32\drivers\UMDF 2009-09-20 03:07 . 2009-09-20 03:07 -------- d-----w- c:\windows\system32\LogFiles 2009-09-15 03:11 . 2009-09-15 03:11 -------- d-----w- c:\program files\NVIDIA Corporation 2009-09-15 03:11 . 
2009-09-15 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2009-09-15 02:57 . 2009-09-15 02:57 -------- d-----w- c:\program files\SystemRequirementsLab 2009-09-15 02:57 . 2009-09-15 02:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab 2009-09-15 02:57 . 2009-09-15 02:57 -------- d-----w- c:\windows\Sun 2009-09-14 17:00 . 2009-09-14 17:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-09-14 16:42 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-09-14 16:42 . 2009-09-15 07:00 -------- d-----w- c:\windows\ie8updates 2009-09-14 16:41 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-09-14 16:41 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-09-14 16:41 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-09-14 16:41 . 2009-07-19 22:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-09-14 16:41 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-09-14 16:41 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-09-14 16:41 . 2009-09-14 16:41 -------- dc-h--w- c:\windows\ie8 2009-09-13 15:41 . 2005-01-01 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys 2009-09-13 15:41 . 2009-09-13 15:41 -------- d-----w- c:\program files\Common Files\INCA Shared 2009-09-13 15:30 . 2008-05-30 18:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll 2009-09-13 15:29 . 2007-03-05 16:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll 2009-09-13 07:08 . 2009-09-13 07:08 -------- d-----w- c:\windows\system32\XPSViewer 2009-09-13 07:08 . 2009-09-13 07:08 -------- d-----w- c:\program files\MSBuild 2009-09-13 07:07 . 2009-09-13 07:07 -------- d-----w- c:\program files\Reference Assemblies 2009-09-13 07:06 . 
2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-09-13 07:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-09-13 07:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-09-13 07:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-09-13 07:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-09-13 07:06 . 2009-09-13 07:07 -------- d-----w- C:\c335530953e8760daa75c0fa 2009-09-13 07:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-09-13 07:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-09-13 06:58 . 2009-09-13 06:58 -------- d-----w- c:\program files\DivX 2009-09-13 06:57 . 2009-09-13 06:57 -------- d-----w- c:\program files\AC3Filter 2009-09-12 23:06 . 2009-09-12 23:06 -------- d-sh--w- c:\documents and settings\LocalService\UserData 2009-09-12 22:21 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-12 22:21 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-12 22:21 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-12 22:21 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-12 22:21 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-12 22:21 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-12 22:21 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-12 22:21 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-12 22:20 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-12 22:18 . 2009-09-13 10:55 15184 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 22:02 . 
2009-10-05 04:59 -------- d-----w- c:\program files\RapidBIT 2009-09-12 22:02 . 2009-09-12 22:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ACCB9BD0-DB08-4314-8DAD-22C10AA655D7} 2009-09-12 21:07 . 2009-09-12 21:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\assembly 2009-09-12 21:07 . 2009-09-29 19:11 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-12 21:07 . 2009-09-22 00:38 -------- d-----w- c:\program files\NCSoft 2009-09-12 21:04 . 2009-09-12 21:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield 2009-09-12 21:03 . 2009-09-12 21:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo 2009-09-12 20:42 . 2009-09-12 20:42 -------- d-----w- C:\Diskeeper 2009-09-12 19:59 . 2009-09-12 20:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\SecondLife 2009-09-12 19:59 . 2009-10-02 09:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SecondLife 2009-09-12 19:58 . 2009-09-12 19:59 -------- d-----w- c:\program files\SecondLife 2009-09-12 19:35 . 2009-09-12 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation 2009-09-12 19:35 . 2009-09-12 19:41 -------- d-----w- c:\program files\Diskeeper Corporation 2009-09-12 19:13 . 2009-09-12 19:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment 2009-09-12 18:40 . 2009-10-04 04:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-12 18:40 . 2009-10-04 04:53 -------- d-----w- c:\program files\SpywareBlaster 2009-09-12 18:34 . 2009-09-12 18:34 -------- d-----w- c:\program files\RamBooster 2.0 2009-09-12 18:33 . 2009-09-12 18:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo 2009-09-12 18:33 . 
2009-09-12 18:33 -------- d-----w- c:\program files\iolo 2009-09-12 18:33 . 2009-09-12 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2009-09-12 18:32 . 2009-09-12 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\FastStone 2009-09-12 18:31 . 2009-09-12 18:31 -------- d-----w- c:\program files\FastStone Image Viewer 2009-09-12 18:25 . 2009-09-12 18:25 -------- d-----w- c:\program files\VS Revo Group 2009-09-12 18:01 . 2009-09-12 18:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo 2009-09-12 07:05 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-09-12 07:05 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2009-09-12 07:05 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2009-09-12 07:05 . 2009-09-12 07:05 -------- d-----w- c:\program files\Alwil Software 2009-09-12 06:54 . 2009-10-04 03:51 -------- dc----w- c:\windows\system32\DRVSTORE 2009-09-12 06:53 . 2009-10-04 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-13 22:31 . 2009-09-12 05:32 -------- d-----w- c:\program files\Unlocker 2009-09-13 07:21 . 2009-09-12 05:43 15184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 20:36 . 2009-09-12 18:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp 2009-09-12 18:28 . 2009-09-12 18:27 -------- d-----w- c:\program files\Winamp 2009-09-12 05:37 . 2009-09-12 05:37 -------- d-----w- c:\program files\microsoft frontpage 2009-09-12 05:36 . 2009-09-12 05:36 -------- d-----w- c:\program files\Alky for Applications 2009-09-12 05:36 . 2009-09-12 05:36 -------- d-----w- c:\program files\RocketDock 2009-09-12 05:33 . 
2009-09-12 05:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-09-12 05:32 . 2009-09-12 05:32 -------- d-----w- c:\program files\Microsoft Games 2009-09-12 05:32 . 2009-09-12 05:32 -------- d-----w- c:\program files\Microsoft PowerToys 2009-09-12 05:32 . 2009-09-12 05:32 -------- d-----w- c:\program files\HashTab Shell Extension 2009-08-17 07:04 . 2009-08-17 07:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-08-17 07:04 . 2009-08-17 07:04 81920 ----a-w- c:\windows\system32\nvwddi.dll 2009-08-17 07:03 . 2009-08-17 07:03 3170304 ----a-w- c:\windows\system32\nvwss.dll 2009-08-17 07:03 . 2009-08-17 07:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll 2009-08-17 07:03 . 2009-08-17 07:03 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-08-17 07:03 . 2009-08-17 07:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-08-17 07:03 . 2009-08-17 07:03 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-08-17 07:03 . 2009-08-17 07:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-08-17 07:03 . 2009-08-17 07:03 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-08-17 07:03 . 2009-08-17 07:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-08-17 07:03 . 2009-08-17 07:03 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-08-17 07:03 . 2009-08-17 07:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-08-17 07:02 . 2009-08-17 07:02 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-08-17 04:57 . 2009-09-12 01:30 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-08-17 04:57 . 2009-09-12 01:22 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-08-17 04:57 . 2009-09-12 01:22 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-08-17 04:57 . 2009-09-12 01:22 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-08-17 04:57 . 2009-09-12 01:22 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-08-17 04:57 . 2009-09-12 01:22 155648 ----a-w- c:\windows\system32\nvcodins.dll 2009-08-17 04:57 . 
2009-09-12 01:22 155648 ----a-w- c:\windows\system32\nvcod.dll 2009-08-17 04:57 . 2009-09-12 01:22 5845760 ----a-w- c:\windows\system32\nv4_disp.dll 2009-08-17 04:57 . 2009-08-17 04:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-08-17 04:57 . 2009-08-17 04:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-08-17 04:57 . 2009-08-17 04:57 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-08-11 16:35 . 2009-09-12 01:30 485920 ----a-w- c:\windows\system32\nvuninst.exe 2009-08-05 09:01 . 2008-04-14 09:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:37 . 2008-04-14 09:42 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-29 04:37 . 2008-04-14 09:41 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-17 19:01 . 2008-04-14 09:41 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2008-04-14 09:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll . ------- Sigcheck ------- [-] 2008-09-03 . 89E53BCD2AAC82523FFA9FC2580C1E62 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-29 1005960] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-04 2171904] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "vista_sound_register.inf"="setupapi.dll" - c:\windows\system32\setupapi.dll [2008-04-14 985088] "_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-9-12 495616] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *autocheck lsdeleteautocheck lsdelete [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [9/11/2009 9:24 PM 16640] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/12/2009 6:21 PM 114768] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10/4/2009 1:26 AM 142592] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD80.fcl [8/8/2008 10:15 AM 41456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/12/2009 6:21 PM 20560] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/12/2009 2:52 AM 269648] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/12/2009 2:52 AM 19160] S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [4/22/2009 3:25 PM 41984] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . 
uInternet Connection Wizard,ShellNext = hxxp://www.diskeeper.com/updates/?RID=11138&APID=PPS0001834&PC=1&PE=11&PT=1&MajorVer=12&MinorVer=0&PBN=758&PMBN=0&LCID=1033&OId=&InstallDate=&Platform=x86&EIID=A2AAAAC3YV6E9DNPUW5S8KK2E56EMGAP2HMVMXQF5DMSDE3 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ttm1uqo6.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-05 15:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD80.fcl" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2052111302-1960408961-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,42,7f,23,d3,65,9a,41,a4,9c,04,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,42,7f,23,d3,65,9a,41,a4,9c,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2368) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
     c:\program files\Alwil Software\Avast4\aswUpdSv.exe
     c:\program files\Alwil Software\Avast4\ashServ.exe
     c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Spyware Terminator\sp_rsser.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\system32\rundll32.exe
     c:\program files\RapidBIT\cidaemon.exe
     .
     **************************************************************************
     .
     Completion time: 2009-10-05 15:23 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-10-05 19:22

     Pre-Run: 123,656,396,800 bytes free
     Post-Run: 123,583,336,448 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot

     328 --- E O F --- 2009-09-22 14:37
     combo_fix_log.txt
  7. I did a scan with Ad-Aware AE recently and it picked up a trojan called WIN32Trojan PWS.OnlineGames, and every time I go to perform the recommended actions in Ad-Aware the program freezes and then it crashes my whole system. Here is my log file:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:45:24 PM, on 10/4/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\RocketDock\RocketDock.exe
     C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
     C:\Program Files\Spyware Terminator\sp_rsser.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\RapidBIT\cidaemon.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/?RID=1113...2HMVMXQF5DMSDE3
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll (file missing)
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\RunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Media\vista_sound_register.inf (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Media\vista_sound_register.inf (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\RunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Media\vista_sound_register.inf (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Media\vista_sound_register.inf (User 'Default user')
     O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (file missing)
     O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\462219sys.dll
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files\RapidBIT\cisvc.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
     O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
     O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     -- End of file - 6558 bytes
  8. I use Ad-Aware AE Free version, updated of course. The problem is when I scan, it detects a Trojan WIN32TrojanPWS.OnlineGames. When I go to perform the recommended actions it freezes my computer, forcing me to hit the reset button all the time. That's pretty much it. I also use Malwarebytes and recently installed Spybot. Also, every program I scanned my system with has come up with nothing, so I'm not sure if Ad-Aware is broken or what, but any help would be appreciated. My firewall is ZoneAlarm Pro firewall and my antivirus is Avast Antivirus Pro.