Need help! (Trojan.downloader problem)

Renfordoggz

New Member
Hello All,
I was referred to this site to post my problem and especially to a user called johnb35.

My problem is this:
I was looking for a Tube map application for Vivaz on Google, and when I clicked on one of the links (the third one, I believe) Avast sent me all these notifications (at least 100) about viruses. I had no option but to quarantine the infected files as Avast could not fix them. Quite soon after, a .pdf file was attempting to load and since I did not open any such file I closed it immediately.
Avast scans did not pick up any viruses after the incident but the Virus Chest was not able to load (it said: could not connect to server). I reinstalled Avast and ran a scan, but still got no results. I then ran a scan using Windows Live OneCare scanner and it picked up 2 Trojan Downloaders and I manually deleted the infected files.
I then noticed that the amount of data being downloaded went completely haywire. Despite just being on the BBC homepage and my Hotmail, I somehow ended up using 700MB in just 2 minutes. This occurs when I put my laptop to sleep. I read on this thread that this might be due to hackers etc. so I had to format my hard drive and reinstall Windows 7. Once I did that everything was fine but then I had to copy some files from my backup and after doing so, the problem resumed. I have installed ZoneAlarm, anti-virus, anti-spyware and anti-malware but still nothing can be found.
I am extremely concerned if my laptop has been hacked as I need this laptop for university and might need to do online shopping on it.

I really need help on this and would be very grateful.

Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:14, on 23/09/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8541 bytes
 
First off, I don't see that you have Malwarebytes installed, so please perform the following procedure.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

Please post the Malwarebytes log along with a fresh HijackThis log.
 
That's odd, I have Malwarebytes' Anti-Malware but here's the log anyway:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4678

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/09/2010 22:57:31
mbam-log-2010-09-23 (22-57-31).txt

Scan type: Quick scan
Objects scanned: 143164
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Let's scan deeper in your system.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HijackThis log
  • An update on how your computer is running
 
ComboFix 10-09-23.01 - Renjit 24/09/2010 0:07.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.2013 [GMT 1:00]
Running from: c:\users\Renjit\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 23:15 . 2010-09-23 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-23 23:15 . 2010-09-23 23:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-22 13:04 . 2010-09-22 13:04 388096 ----a-r- c:\users\Renjit\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-22 13:04 . 2010-09-22 13:04 -------- d-----w- c:\program files\Trend Micro
2010-09-22 12:31 . 2010-09-23 22:57 63488 ----a-w- c:\users\Renjit\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 12:31 . 2010-09-22 12:31 52224 ----a-w- c:\users\Renjit\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 12:31 . 2010-09-23 22:57 117760 ----a-w- c:\users\Renjit\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 12:30 . 2010-09-22 12:30 -------- d-----w- c:\users\Renjit\AppData\Roaming\SUPERAntiSpyware.com
2010-09-22 12:30 . 2010-09-22 12:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-22 12:30 . 2010-09-22 12:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-22 01:08 . 2010-09-22 01:08 -------- d-----w- c:\users\Renjit\AppData\Roaming\PeerNetworking
2010-09-22 00:28 . 2010-09-22 00:28 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-09-22 00:28 . 2010-09-22 00:28 -------- d-----w- c:\programdata\SoftPerfect
2010-09-22 00:28 . 2010-09-22 00:28 -------- d-----w- c:\program files\NetWorx
2010-09-21 19:20 . 2010-09-21 19:20 -------- d-----w- c:\program files\ASIO4ALL v2
2010-09-21 12:37 . 2010-09-21 12:37 -------- d-----w- c:\users\Renjit\AppData\Roaming\REAPER
2010-09-21 12:25 . 2010-09-21 12:34 -------- d-----w- c:\users\Renjit\AppData\Roaming\Audacity
2010-09-20 17:30 . 2010-09-22 08:36 1 ----a-w- c:\users\Renjit\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-20 17:30 . 2010-09-20 17:30 -------- d-----w- c:\users\Renjit\AppData\Roaming\OpenOffice.org
2010-09-20 09:26 . 2010-09-20 09:26 -------- d-----w- c:\users\Renjit\AppData\Roaming\vlc
2010-09-19 22:09 . 2010-09-19 22:09 -------- d-----w- c:\programdata\Hagel Technologies
2010-09-19 22:09 . 2010-09-19 22:09 -------- d-----w- c:\program files\DU Meter
2010-09-19 18:51 . 2009-06-22 17:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-09-19 08:25 . 2010-09-19 08:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-09-19 08:24 . 2010-09-19 08:24 0 ----a-w- c:\windows\nsreg.dat
2010-09-19 08:24 . 2010-09-19 08:24 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2010-09-19 08:24 . 2010-09-19 08:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\CheckPoint
2010-09-18 23:27 . 2010-09-18 23:27 -------- d-----w- c:\windows\system32\Wat
2010-09-18 23:26 . 2010-09-18 23:26 -------- d-----w- c:\program files\Microsoft.NET
2010-09-18 10:54 . 2010-09-18 10:54 -------- d-----w- c:\users\Renjit\AppData\Roaming\Malwarebytes
2010-09-18 10:50 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-18 10:50 . 2010-09-18 10:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-18 10:50 . 2010-09-18 10:50 -------- d-----w- c:\programdata\Malwarebytes
2010-09-18 10:50 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 08:58 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-18 08:57 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-18 08:57 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-18 08:57 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-18 08:57 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-18 08:57 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-18 08:52 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-09-17 22:26 . 2010-09-17 22:26 -------- d-----w- c:\program files\YouTube Downloader
2010-09-17 21:38 . 2010-09-22 07:57 -------- d-----w- c:\users\Renjit\Tracing
2010-09-17 21:36 . 2010-09-19 08:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-17 21:36 . 2010-04-28 06:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-17 21:35 . 2010-09-17 21:35 -------- d-----w- c:\program files\Microsoft
2010-09-17 21:35 . 2010-09-17 21:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-17 21:34 . 2010-09-17 21:36 -------- d-----w- c:\program files\Windows Live
2010-09-17 21:34 . 2010-09-17 21:34 -------- d-----w- c:\windows\PCHEALTH
2010-09-17 21:31 . 2010-09-17 21:31 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-17 11:28 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-17 10:45 . 2010-09-17 10:45 -------- d-----w- c:\users\Renjit\AppData\Local\Diagnostics
2010-09-17 09:28 . 2010-09-17 09:30 -------- d--h--w- c:\windows\AxInstSV
2010-09-17 01:19 . 2010-09-16 16:31 -------- d-----w- c:\windows\Panther
2010-09-17 01:18 . 2010-09-17 01:18 -------- d-----w- C:\Boot
2010-09-16 22:33 . 2010-09-16 22:33 -------- d-----w- c:\programdata\Sonoma Wire Works
2010-09-16 22:33 . 2010-09-16 22:33 -------- d-----w- c:\program files\Vstplugins
2010-09-16 22:33 . 2010-09-16 22:33 -------- d-----w- c:\program files\IK Multimedia
2010-09-16 22:33 . 2010-09-16 22:33 -------- d-----w- c:\program files\Sonoma Wire Works
2010-09-16 22:27 . 2010-09-16 22:27 -------- d-----w- C:\Python27
2010-09-16 22:22 . 2010-09-16 22:22 -------- d-----w- c:\users\Renjit\AppData\Roaming\Blender Foundation
2010-09-16 22:22 . 2010-09-16 22:22 -------- d-----w- c:\program files\Blender Foundation
2010-09-16 22:21 . 2010-09-16 22:21 -------- d-----w- c:\program files\GIMP-2.0
2010-09-16 22:19 . 2007-05-13 11:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-09-16 22:19 . 2010-09-16 22:19 -------- d-----w- c:\program files\AoA Audio Extractor
2010-09-16 22:16 . 2010-09-16 22:16 52824 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2010-09-16 22:16 . 2010-09-16 22:16 -------- d-----w- c:\program files\NCH Software
2010-09-16 22:16 . 2010-09-23 22:16 -------- d-----w- c:\programdata\NCH Swift Sound
2010-09-16 22:16 . 2010-09-16 22:16 -------- d-----w- c:\program files\NCH Swift Sound
2010-09-16 22:16 . 2010-09-23 22:16 -------- d-----w- c:\users\Renjit\AppData\Roaming\NCH Swift Sound
2010-09-16 22:15 . 2010-09-16 22:15 -------- d-----w- c:\program files\REAPER
2010-09-16 22:15 . 2010-09-16 22:15 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-09-16 22:12 . 2010-09-16 22:12 -------- d-----w- c:\users\Renjit\AppData\Roaming\IObit
2010-09-16 22:12 . 2010-09-16 22:12 -------- d-----w- c:\program files\IObit
2010-09-16 21:33 . 2010-09-16 21:33 -------- d-----w- c:\users\Renjit\Guitar Pro 5.2 (with complete RSE packs)
2010-09-16 21:32 . 2010-09-16 21:39 -------- d-----w- c:\users\Renjit\Courage The Cowardly Dog (1999-2002)
2010-09-16 21:32 . 2010-09-16 21:32 -------- d-----w- c:\users\Renjit\Clone Wars
2010-09-16 21:30 . 2010-09-16 21:30 -------- d-----w- c:\users\Renjit\Itunes from ma's comp
2010-09-16 21:30 . 2010-09-16 21:32 -------- d-----w- c:\users\Renjit\iTunes
2010-09-16 19:08 . 2010-09-16 21:58 -------- d-----w- c:\users\Renjit\AppData\Roaming\Apple Computer
2010-09-16 19:08 . 2010-09-16 19:08 -------- d-----w- c:\users\Renjit\AppData\Local\Apple Computer
2010-09-16 19:08 . 2010-09-17 21:36 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-16 19:08 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-16 19:08 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-16 19:07 . 2010-09-16 19:08 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-16 19:07 . 2010-09-16 19:08 -------- d-----w- c:\program files\iTunes
2010-09-16 19:07 . 2010-09-16 19:07 -------- d-----w- c:\program files\iPod
2010-09-16 19:06 . 2010-09-16 19:07 -------- d-----w- c:\programdata\Apple Computer
2010-09-16 19:06 . 2010-09-16 19:06 -------- d-----w- c:\program files\QuickTime
2010-09-16 19:06 . 2010-09-16 19:06 -------- d-----w- c:\users\Renjit\AppData\Local\Apple
2010-09-16 19:06 . 2010-09-16 19:06 -------- d-----w- c:\program files\Apple Software Update
2010-09-16 19:05 . 2010-09-16 19:05 -------- d-----w- c:\program files\Bonjour
2010-09-16 19:05 . 2010-09-16 19:07 -------- d-----w- c:\program files\Common Files\Apple
2010-09-16 19:05 . 2010-09-16 19:05 -------- d-----w- c:\programdata\Apple
2010-09-16 17:34 . 2010-09-16 17:34 -------- d-----w- c:\windows\system32\Macromed
2010-09-16 17:31 . 2010-09-16 17:31 -------- d-----w- c:\program files\Common Files\Pearson VUE Common
2010-09-16 17:31 . 2010-09-16 17:31 -------- d-----w- c:\program files\Pearson VUE
2010-09-16 17:26 . 2010-09-16 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-16 17:24 . 2010-09-16 17:24 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-16 17:24 . 2010-09-16 17:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-16 17:24 . 2010-09-16 17:24 -------- d-----w- c:\programdata\McAfee Security Scan
2010-09-16 17:24 . 2010-09-16 17:24 -------- d-----w- c:\programdata\McAfee
2010-09-16 17:24 . 2010-09-16 17:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-09-16 17:24 . 2010-09-17 11:20 -------- d-----w- c:\users\Renjit\AppData\Local\Adobe
2010-09-16 17:24 . 2010-09-16 17:24 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-09-16 17:23 . 2010-09-16 17:24 -------- d-----w- c:\programdata\NOS
2010-09-16 17:23 . 2010-09-16 17:23 -------- d-----w- c:\program files\NOS
2010-09-16 17:23 . 2010-09-16 17:23 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 17:23 . 2010-09-01 14:52 35136 ----a-w- c:\users\Renjit\AppData\Roaming\Mozilla\Firefox\Profiles\4xp9bm25.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-16 17:22 . 2010-09-01 14:52 32032 ----a-w- c:\users\Renjit\AppData\Roaming\Mozilla\Firefox\Profiles\4xp9bm25.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-09-16 17:18 . 2010-09-16 17:18 -------- d-----w- c:\program files\JRE
2010-09-16 17:18 . 2010-09-16 17:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-16 17:18 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-16 17:17 . 2010-09-16 17:22 -------- d-----w- c:\program files\Java
2010-09-16 17:11 . 2010-09-16 17:11 -------- d-----w- c:\program files\VideoLAN
2010-09-16 17:07 . 2010-09-16 17:07 -------- d-----w- c:\users\Renjit\AppData\Roaming\HTNetMeter
2010-09-16 17:07 . 2010-09-16 17:07 -------- d-----w- c:\program files\HooTech
2010-09-16 16:55 . 2010-09-16 16:58 -------- d-----w- c:\program files\Bandwidth Monitor Pro
2010-09-16 16:54 . 2010-09-16 16:54 -------- d-----w- c:\users\Renjit\AppData\Local\Mozilla
2010-09-16 16:52 . 2010-09-16 18:08 62952 ----a-w- c:\users\Renjit\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-16 16:52 . 2010-09-16 16:52 -------- d-----w- c:\users\Renjit\AppData\Local\Locktime
2010-09-16 16:52 . 2010-09-16 16:52 -------- d-----w- c:\programdata\NVIDIA
2010-09-16 16:48 . 2010-09-16 18:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-16 16:48 . 2010-09-16 16:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-16 16:46 . 2010-09-16 16:46 -------- d-----w- c:\program files\NetLimiter 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 18:48 . 2010-09-19 18:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-18 23:27 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-09-16 17:24 . 2010-09-19 08:23 53632 ----a-w- c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-16 16:42 . 2010-09-16 16:40 421442 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-09-16 16:42 . 2010-09-16 16:42 -------- d-----w- c:\users\Renjit\AppData\Roaming\CheckPoint
2010-09-16 16:41 . 2010-09-16 16:41 -------- d-----w- c:\program files\Conduit
2010-09-16 16:41 . 2010-09-16 16:41 -------- d-----w- c:\program files\ZoneAlarm
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 1781760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-10-07 577536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-08-31 2941984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2010-06-29 2944512]

c:\users\Renjit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-18 1343400]
S1 aswSP;aswSP; [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2010-08-30 5281672]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-09-22 38976]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-08-31 1411616]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [2010-08-31 19368]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2010-09-16 52824]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - FASTFAT
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-16 14:10]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 16:37]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 16:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Renjit\AppData\Roaming\Mozilla\Firefox\Profiles\4xp9bm25.default\
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Renjit\AppData\Roaming\Mozilla\Firefox\Profiles\4xp9bm25.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(504)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'Explorer.exe'(2916)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-09-24 00:18:44
ComboFix-quarantined-files.txt 2010-09-23 23:18

Pre-Run: 243,343,396,864 bytes free
Post-Run: 243,227,205,632 bytes free

- - End Of File - - A76F910143E36B51C7243C5D3269EE48



The Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:26:16, on 24/09/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7110 bytes




The Internet usage is still acting weird, but strangely not as much as before. Today it went from 70 MB (which I know I used) to 160 MB (out of which 90 MB I don't know how it got used).

Thank you for your time
 
I have 1 question before I continue...

Is this a genuine operating system and not pirated?


It's time for some general cleaning as I still don't see anything going on.

Download and run CCleaner to delete all the old temp internet and system files and such.

http://download.cnet.com/ccleaner/

Then please provide an uninstall list using HijackThis. Open HijackThis, click on "Open the Misc Tools section", click on "Open Uninstall Manager", click on "Save list", save it and then copy and paste it back here.
 
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Advanced SystemCare 3
AoA Audio Extractor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Blender (remove only)
Bonjour
CCleaner
DU Meter
GIMP 2.6.10
Google Chrome
Google Update Helper
HiJackThis
HijackThis 2.0.2
iTunes
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.10)
MSVCRT
Net Meter 3.6 build 437
NetLimiter 3
NetWorx 5.1.2
NVIDIA Drivers
OpenOffice.org 3.2
PVSonyDll
Python 2.7
QuickTime
REAPER
RiffWorks T4
SoundTap Streaming Audio Recorder
Spybot - Search & Destroy
SUPERAntiSpyware
Switch Sound File Converter
UKCAT Practice Tests
VLC media player 1.1.4
WavePad Sound Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
YouTube Downloader 2.6.1
ZoneAlarm
ZoneAlarm Toolbar

The operating system I have is genuine. I got it from a website (legit one) specialising in student deals.
 
I don't see any issues there. Have you scanned with SUPERAntiSpyware? I see you have it installed. Did it find anything besides tracking cookies?
 
Please uninstall the following programs and see if your issues continue.

DU Meter
McAfee Security Scan Plus
Net Meter 3.6 build 437
NetLimiter 3
NetWorx 5.1.2

Netmeter is actually an undesirable program.

You really need to install an antivirus or security suite. Running naked isn't a good idea. I know you have Advanced SystemCare but I'm not sure if I would trust one of those all-in-one programs.
 
I have Avast already installed. I've also downloaded Microsoft Security Essentials. Just a quick question: now that I've uninstalled all the internet usage monitoring programs, how should I view my usage? Is there some way to do so on Windows 7, or can you recommend some programs?

Thank you! :D
 
Sorry, didn't even realize you had Avast installed. Guess I just overlooked it.

Most users don't need a usage monitor unless you are on a limited plan. I just had you uninstall them in case they were causing issues.
 