Problem with internet browsers and flash/java [Solved]

#1 Absurdny (Member, 20 posts)
My computer has been working fine for a while and just recently my anti-malware software has found some malware. I removed the malware and now I have a problem with Java/Flash based sites. I use www.Stickam.com a lot for promotion of my business and streaming web shows. All of a sudden, when I click on the Java buttons on that site in Firefox, an hourglass comes up for a minute and it doesn't do anything. If I move the mouse the hourglass disappears. In Internet Explorer I can click buttons, but when I am in the Java based chat room and I type in the chat box then press send, nothing happens. The message never appears in the room. Also every site seems to load very slow. Thank you for your help in advance. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:00 PM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
G:\digidesign\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\AIM6\aim6.exe
D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing)
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - D:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] G:\Avast\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B}: NameServer = 167.206.254.2,167.206.254.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Avast\avgpp.dll (file missing)
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - G:\Avast\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - G:\Avast\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9196d3bf57de6) (gupdate1c9196d3bf57de6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9261 bytes

Edited by Absurdny, 16 February 2009 - 03:36 PM.
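The log above is read entry type by entry type, and the first pass a helper makes is mechanical: per-user proxy settings, entries whose target file no longer exists, Run entries under the SYSTEM or Default user hives, AppInit_DLLs, and services with no publisher. As an added example that is not part of the original thread and is not HijackThis output, here is a small Python script that applies those checks to lines copied from the posted log. The severity rules are the script's own heuristics; they mark entries for a person to look at and do not decide that anything is malicious. A per-user proxy whose address falls outside private, loopback and link-local ranges is the entry to ask the user about first, since a proxy nobody remembers configuring silently routes every browser request through that host.

```python
"""Added example: first-pass triage of a HijackThis 2.x log.

The rules below are this script's own heuristics, not HijackThis output; they
flag entries for a human to review, they do not decide that anything is malicious.
"""
import ipaddress
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in this thread,
# trimmed to the entry types the rules below look at.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B}: NameServer = 167.206.254.2,167.206.254.1
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - G:\Avast\avgwdsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")


def parse_hjt(text):
    """Return (section code, body) pairs for every 'Xnn - ...' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def proxy_hosts(value):
    """Split a ProxyServer value ('host:port' or 'http=host:port;https=...') into hosts."""
    hosts = []
    for part in value.split(";"):
        if "=" in part:                       # per-protocol form: scheme=host:port
            part = part.split("=", 1)[1]
        hosts.append(part.rsplit(":", 1)[0])  # drop the port
    return hosts


def is_external(host):
    """True for a literal IP outside private/loopback/link-local ranges; hostnames return False."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname: cannot classify offline, leave for manual review
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(text):
    """Return (severity, code, reason, body) for each entry worth a second look."""
    findings = []
    for code, body in parse_hjt(text):
        proxy = PROXY_RE.search(body) if code == "R1" else None
        if proxy:
            if any(is_external(h) for h in proxy_hosts(proxy.group("value"))):
                findings.append(("HIGH", code, "per-user proxy points at an external IP", body))
            else:
                findings.append(("INFO", code, "per-user proxy configured", body))
        elif body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(("LOW", code, "orphaned entry, target file absent", body))
        elif code == "O4" and "HKUS\\" in body:
            findings.append(("MEDIUM", code, "Run entry under the SYSTEM or Default user hive", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(("MEDIUM", code, "DLL loaded into every process that loads user32; verify publisher", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(("LOW", code, "service binary carries no publisher information", body))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'HIGH': 1, 'MEDIUM': 3, 'LOW': 4}."""
    return dict(Counter(f[0] for f in findings))


if __name__ == "__main__":
    for severity, code, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code}: {reason}\n         {body}")
    print(summarize(triage(SAMPLE_LOG)))
```

Orphaned entries ("file missing", "no file") are usually leftovers of an uninstalled product and are cleaned up rather than investigated; the proxy and the hive-level Run entries are the ones to confirm with the user before removing, because a legitimate corporate proxy or an installer that wrote under HKUS would trip the same rules.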

#2 emeraldnzl (GeekU Instructor and Moderator, 20,051 posts)
Hello Absurdny,

Welcome to Geekstogo.

Firstly, please go to Start > Control Panel > Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Now

Let's just check that your Java problem is not because it isn't enabled.

If you have IE7, make sure the Java add-on is enabled. Click Tools > Manage Add-ons > Enable or Disable Add-ons and check to make sure Java is enabled.

Next

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Finally in this post
  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized)
So when you return please post
  • MBAM log
  • the two RSIT logs - log.txt and info.txt

Note: Unless otherwise instructed always post the logs in the forum. It is likely these reports will not fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#3 Absurdny (Topic Starter, Member, 20 posts)
Thank you for helping me with my issue. I have uninstalled the Viewpoint software. I think that came with software or a hardware driver disk. I do not have IE7 so I could not check the Java. I have Firefox 3 running on Windows XP.
Here are the logs you requested:

Malwarebytes' Anti-Malware 1.34
Database version: 1783
Windows 5.1.2600 Service Pack 3

2/20/2009 11:39:10 PM
mbam-log-2009-02-20 (23-39-10).txt

Scan type: Quick Scan
Objects scanned: 75949
Time elapsed: 11 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Program Files\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Files Infected:
D:\Program Files\PremierOpinion\pmservice.exe (Adware.PremierOpinion) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Absurd at 2009-02-21 00:16:58
Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 1 GB (4%) free of 30 GB
Total RAM: 3007 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:14 AM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
G:\digidesign\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\AIM6\aim6.exe
D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Absurd\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Absurd.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing)
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - D:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] G:\Avast\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B}: NameServer = 167.206.254.2,167.206.254.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Avast\avgpp.dll (file missing)
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - G:\Avast\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - G:\Avast\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9196d3bf57de6) (gupdate1c9196d3bf57de6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9120 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1935655697-839522115-1004.job
D:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
D:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-07 95664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - G:\Avast\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
Google Update Helper - D:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll [2008-09-18 133616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll [2008-08-14 1556480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"=G:\digidesign\Digidesign\Drivers\MMERefresh.exe [2007-10-30 77824]
"M-Audio Taskbar Icon"=D:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2005-12-13 91136]
"COMODO Firewall Pro"=D:\Program Files\COMODO\Firewall\cfp.exe [2009-01-19 1797880]
"AVG8_TRAY"=G:\Avast\avgtray.exe []
"COMODO Internet Security"=D:\Program Files\COMODO\Firewall\cfp.exe [2009-01-19 1797880]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"=D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"Aim6"=D:\Program Files\AIM6\aim6.exe [2008-06-12 50528]
"Google Update"=D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 133104]
"IDMan"=D:\Program Files\Internet Download Manager\IDMan.exe [2007-06-20 800256]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe [2008-12-22 1830128]
"msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe

D:\Documents and Settings\Absurd\Start Menu\Programs\Startup
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2009-02-07 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-01-09 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=0
"NoStrCmpLogical"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoChangeAnimation"=
"NoStrCmpLogical"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\GIGABYTE\@BIOS\gwflash.exe"="D:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:gwflash"
"D:\Program Files\netGangsters\simGangster (2007)\simGangster.exe"="D:\Program Files\netGangsters\simGangster (2007)\simGangster.exe:*:Enabled:simGangster"
"D:\WINDOWS\system32\PnkBstrA.exe"="D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\WINDOWS\system32\PnkBstrB.exe"="D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"G:\Games\Call Od Duty\iw3mp.exe"="G:\Games\Call Od Duty\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"D:\Program Files\GIGABYTE\EasyTune4\update.exe"="D:\Program Files\GIGABYTE\EasyTune4\update.exe:*:Enabled:ftptest"
"D:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="D:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"E:\rainbow 6 vegas 2\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="E:\rainbow 6 vegas 2\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game"
"D:\Program Files\FlashGet\FlashGet.exe"="D:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Program Files\TVAnts\Tvants.exe"="D:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\MVPBB2K5\mvp2005.exe"="C:\Games\MVPBB2K5\mvp2005.exe:*:Enabled:mvp2005"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="D:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"G:\Avast\avgemc.exe"="G:\Avast\avgemc.exe:*:Enabled:avgemc.exe"
"G:\Avast\avgupd.exe"="G:\Avast\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Documents and Settings\Absurd\Desktop\J_CC-RedAlert2\RedAlert2\GAME.EXE"="D:\Documents and Settings\Absurd\Desktop\J_CC-RedAlert2\RedAlert2\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\MySpace\IM\MySpaceIM.exe"="D:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"D:\Program Files\SmartFTP Client\SmartFTP.exe"="D:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Dreamweaver 8\Dreamweaver.exe"="C:\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
shell\Open\command - G:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
shell\Open\command - H:\resycled\boot.com h:


======File associations======

.js - edit - "C:\Dreamweaver 8\dreamweaver.exe" "%1"
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-02-21 00:16:58 ----D---- D:\rsit
2009-02-16 16:05:46 ----D---- D:\Program Files\Trend Micro
2009-02-15 20:32:48 ----D---- D:\Documents and Settings\Absurd\Application Data\Macromedia
2009-02-15 20:31:20 ----A---- D:\WINDOWS\system32\deploytk.dll
2009-02-15 02:20:19 ----A---- D:\WINDOWS\LEXSTAT.INI
2009-02-15 02:19:43 ----A---- D:\WINDOWS\system32\lxdapwr.dll
2009-02-15 02:19:43 ----A---- D:\WINDOWS\system32\LEXPPS.EXE
2009-02-15 02:19:43 ----A---- D:\WINDOWS\system32\LEXP2P32.DLL
2009-02-15 02:19:42 ----D---- D:\Program Files\Lexmark 640 Series
2009-02-15 02:19:42 ----A---- D:\WINDOWS\system32\lexlmpm.dll
2009-02-15 02:19:42 ----A---- D:\WINDOWS\system32\LEXBCES.EXE
2009-02-15 02:19:42 ----A---- D:\WINDOWS\system32\LEXBCE.DLL
2009-02-15 02:19:42 ----A---- D:\WINDOWS\system32\LEX2KUSB.DLL
2009-02-15 02:19:13 ----A---- D:\WINDOWS\uninst.exe
2009-02-14 06:01:16 ----D---- D:\Documents and Settings\Absurd\Application Data\MSNInstaller
2009-01-27 22:34:36 ----A---- D:\Documents and Settings\Absurd\Application Data\AutoGK.ini
2009-01-27 18:49:54 ----A---- D:\WINDOWS\system32\xvid-uninstall.exe
2009-01-27 18:49:19 ----D---- D:\Program Files\AviSynth 2.5
2009-01-27 18:48:09 ----D---- D:\Program Files\Gabest
2009-01-27 18:47:10 ----D---- D:\Program Files\AutoGK
2009-01-27 18:24:18 ----D---- D:\Program Files\E.M. DVD Copy
2009-01-27 17:51:52 ----D---- D:\Documents and Settings\Absurd\Application Data\NeroDigital™
2009-01-27 15:32:33 ----A---- D:\WINDOWS\system32\CNMVS3w.DLL
2009-01-27 15:32:32 ----A---- D:\WINDOWS\system32\CNMLM3w.DLL
2009-01-27 15:32:22 ----HD---- D:\BJPrinter
2009-01-27 15:32:22 ----A---- D:\WINDOWS\system32\CNMCP3W.EXE
2009-01-27 14:57:36 ----D---- D:\Program Files\DVDx
2009-01-26 23:01:53 ----D---- D:\WINDOWS\Hot Item Finder
2009-01-26 23:01:53 ----D---- D:\Program Files\HotItemFinder
2009-01-26 23:01:28 ----A---- D:\WINDOWS\Hot Item Finder Setup Log.txt
2009-01-26 22:43:10 ----D---- D:\WINDOWS\AuctionYen
2009-01-26 22:43:10 ----D---- D:\Program Files\AuctionYen
2009-01-26 22:39:53 ----A---- D:\WINDOWS\AuctionYen Setup Log.txt
2009-01-25 01:23:29 ----D---- D:\Program Files\eBay
2009-01-23 00:36:36 ----A---- D:\Program Files\InventoryBuildersettings.ini
2009-01-23 00:36:24 ----D---- D:\Program Files\InventoryBuilder
2009-01-22 02:07:52 ----D---- D:\Program Files\SmartFTP Client

======List of files/folders modified in the last 1 months======

2009-02-21 00:16:59 ----D---- D:\WINDOWS\Temp
2009-02-20 23:39:10 ----D---- D:\Program Files
2009-02-20 23:23:44 ----D---- D:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-20 23:23:31 ----D---- D:\Program Files\Viewpoint
2009-02-20 21:49:10 ----D---- D:\Program Files\Mozilla Firefox
2009-02-18 13:21:51 ----A---- D:\WINDOWS\NeroDigital.ini
2009-02-17 09:17:22 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-02-16 15:58:07 ----D---- D:\WINDOWS\Prefetch
2009-02-16 14:02:01 ----D---- D:\Documents and Settings\Absurd\Application Data\DMCache
2009-02-16 13:47:03 ----D---- D:\WINDOWS\system32\CatRoot2
2009-02-16 11:45:45 ----D---- D:\Program Files\SUPERAntiSpyware
2009-02-16 01:11:21 ----D---- D:\WINDOWS\system32\drivers
2009-02-16 01:11:21 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-02-15 21:35:58 ----SD---- D:\WINDOWS\Tasks
2009-02-15 20:49:39 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-02-15 20:46:19 ----D---- D:\WINDOWS\system32
2009-02-15 20:45:32 ----SHD---- D:\WINDOWS\Installer
2009-02-15 20:45:21 ----D---- D:\Program Files\Common Files
2009-02-15 20:44:19 ----D---- D:\Program Files\Java
2009-02-15 20:43:33 ----D---- D:\WINDOWS
2009-02-15 03:09:36 ----HD---- D:\WINDOWS\inf
2009-02-14 07:01:42 ----SHD---- D:\RECYCLER
2009-02-14 06:31:37 ----A---- D:\WINDOWS\OEWABLog.txt
2009-02-14 06:31:23 ----D---- D:\Documents and Settings
2009-02-14 06:00:55 ----D---- D:\Program Files\MSN
2009-02-13 15:05:31 ----A---- D:\WINDOWS\system32\msvcsv60.dll
2009-02-12 15:41:19 ----D---- D:\WINDOWS\system32\config
2009-02-12 15:41:01 ----D---- D:\WINDOWS\system32\wbem
2009-02-12 15:41:01 ----D---- D:\WINDOWS\Registration
2009-02-12 10:38:07 ----HD---- D:\$AVG8.VAULT$
2009-02-07 08:56:57 ----D---- D:\Documents and Settings\All Users\Application Data\avg8
2009-02-07 08:56:48 ----A---- D:\WINDOWS\system32\avgrsstx.dll
2009-01-27 15:28:40 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-01-25 01:24:04 ----HD---- D:\Program Files\InstallShield Installation Information
2009-01-22 07:10:20 ----D---- D:\WINDOWS\Downloaded Installations
2009-01-22 07:08:18 ----D---- D:\Program Files\Common Files\Macromedia
2009-01-22 00:25:10 ----RSD---- D:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-07 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-07 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-07 107272]
R1 cdrbsdrv;cdrbsdrv; D:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-09-08 33408]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; D:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-01-19 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; D:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-01-19 31504]
R1 easdrv;easdrv; D:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-06 29704]
R1 epfwtdir;epfwtdir; D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-06 34312]
R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 nvport;NVIDIA PORT IO Control Driver; \??\D:\WINDOWS\system32\Drivers\nvport.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; D:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 CamthWDM;WebcamMax, WDM Video Capture; D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-11 243584]
R2 eamon;EAMON; D:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-06 39944]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; D:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM); D:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 102528]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVR0Dev;NVR0Dev; \??\D:\WINDOWS\nvoclock.sys []
R3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device; D:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]
R3 USB20L;Linksys USB 2.0 10/100 Adapter; D:\WINDOWS\system32\DRIVERS\USB200M.sys [2002-09-23 14208]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 61883;61883 Unit Device; D:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a2nvzjdx;a2nvzjdx; D:\WINDOWS\system32\drivers\a2nvzjdx.sys []
S3 Avc;AVC Device; D:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BCM43XX;Linksys Wireless-N PCI Adapter WMP300N Driver; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-24 543104]
S3 catchme;catchme; \??\D:\DOCUME~1\Absurd\LOCALS~1\Temp\catchmedhlp.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ETDrv;ETDrv; \??\D:\WINDOWS\system32\Drivers\ETDrv.sys []
S3 GVTDrv;GVTDrv; \??\D:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; D:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-11-29 20240]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM); D:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 102528]
S3 MSDV;Microsoft DV Camera and VCR; D:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RivaTuner32;RivaTuner32; \??\D:\Program Files\RivaTuner v2.03\RivaTuner32.sys []
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VirtualFD;VirtualFD; \??\D:\Documents and Settings\Absurd\Desktop\virtual_floppy\virtual floppy\vfd.sys []
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Autodata Limited License Service;Autodata Limited License Service; D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2008-07-14 72704]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; D:\Program Files\COMODO\Firewall\cmdagent.exe [2009-01-19 618232]
R2 DigiRefresh;Digidesign MME Refresh Service; G:\digidesign\Digidesign\Drivers\MMERefresh.exe [2007-10-30 77824]
R2 ekrn;Eset Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-06 472320]
R2 LexBceS;LexBce Server; D:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
R2 MAudioUSBService;M-Audio USB Installer; D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe [2005-12-02 49152]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nTuneService;nTune Service; D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; D:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2008-04-06 66872]
S2 avg8emc;AVG Free8 E-mail Scanner; G:\Avast\avgemc.exe []
S2 avg8wd;AVG Free8 WatchDog; G:\Avast\avgwdsvc.exe []
S2 gupdate1c9196d3bf57de6;Google Update Service (gupdate1c9196d3bf57de6); D:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-18 133104]
S3 Adobe LM Service;Adobe LM Service; D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-13 72704]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 digiSPTIService;digiSPTIService; G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe [2007-10-30 159744]
S3 EhttpSrv;Eset HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-06 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-12 654848]
S3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 LBTServ;Logitech Bluetooth Service; D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 121360]
S3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; D:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-21 00:17:21

======Uninstall list======

@BIOS -->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->D:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->D:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->D:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0-->D:\WINDOWS\ISUNINST.EXE -fC:\Adobe\Uninst.isu -cC:\Adobe\Uninst.dll
Adobe Photoshop CS3-->D:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->D:\Program Files\Common Files\Adobe\Installers\71c180716438072ebd356ce2549df41\Setup.exe
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->D:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro-->RunDll32 "D:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "D:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Setup-->MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup-->MsiExec.exe /I{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}
Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Adult Emoticons and Avatars-->D:\Documents and Settings\Absurd\Desktop\adult\Adult Emoticons and Avatars\uninstall.exe
AIM 6-->D:\Program Files\AIM6\uninst.exe
Alien Skin Eye Candy 5 Impact-->C:\Adobe\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\Adobe\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Nature Demo-->C:\Adobe\Plug-Ins\ALIENS~1\EYECAN~3\Unwise32.exe C:\Adobe\Plug-Ins\ALIENS~1\EYECAN~3\INSTALL.LOG
Alien Skin Eye Candy 5 Textures Demo-->C:\Adobe\Plug-Ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\Adobe\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG
AmpliTube Metal-->D:\Program Files\InstallShield Installation Information\{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube X-GEAR-->D:\Program Files\InstallShield Installation Information\{21E77392-C30A-4AA2-8CA7-5728316939D6}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Antares Autotune VST RTAS TDM v5.08-->"D:\Program Files\Antares Audio Technologies\unins000.exe"
Antares Harmony Engine VST RTAS v1.0-->"D:\Program Files\Antares Audio Technologies\unins001.exe"
Antares Microphone Modeler DX v1.32-->C:\vst\Antares\MicModDX\UNINST~1\UNWISE.EXE C:\vst\Antares\MicModDX\UNINST~1\INSTALL.LOG
Antares Tube VST v1.02-->C:\vst\Antares\Tube\UNWISE.EXE C:\vst\Antares\Tube\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AuctionYen-->"D:\WINDOWS\AuctionYen\uninstall.exe" "/U:D:\Program Files\AuctionYen\Uninstall\uninstall.xml"
AusLogics BoostSpeed-->"D:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
Auto Gordian Knot 2.45-->D:\Program Files\AutoGK\uninst.exe
Avanquest update-->D:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
AVG Free 8.0-->G:\Avast\setup.exe /UNINSTALL
AviSynth 2.5-->"D:\Program Files\AviSynth 2.5\Uninstall.exe"
BMG Software InventoryBuilder 2.7-->"D:\Program Files\InventoryBuilder\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Call of Duty® 4 - Modern Warfare™-->D:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Camel Audio Cameleon 5000 v1.7 VSTi-->C:\SAMPLE~3\CAMELE~1\UNWISE.EXE C:\SAMPLE~3\CAMELE~1\INSTALL.LOG
CamStudio-->D:\Program Files\CamStudio\uninstall.exe
Canon S200-->D:\WINDOWS\system32\CNMCP3W.EXE -@D:\WINDOWS\IsUninst.exe -f"D:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"D:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
COMODO Firewall Pro-->D:\Program Files\COMODO\Firewall\cfpconfg.exe -u
CROME 1.5-->"D:\Program Files\CROME\unins000.exe"
Dave Mirra Freestyle BMX-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{92C72ECF-B4BE-11D4-82B0-00A0C936A230}\setup.exe"
DebugMode Wax 2.0-->"D:\Program Files\DebugMode\Wax 2.0\uninst.exe"
Determinance-->"C:\Games\Fate Undiscovered Reals\DPG\Determinance\unins000.exe"
Digidesign Free Bomb Factory Plug-Ins 7.4-->D:\Program Files\InstallShield Installation Information\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign Pro Tools M-Powered 7.4-->D:\Program Files\InstallShield Installation Information\{14AA664E-9BFA-44C4-A083-83A2998679BA}\setup.exe -runfromtemp -l0x0009 -removeonly
Digidesign Shared Plug-Ins 7.4-->D:\Program Files\InstallShield Installation Information\{AFE354A5-640F-4A23-94C8-0B441E8967CA}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Driver Genius Professional Edition 2007-->"D:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Drumagog 4-->D:\WINDOWS\iun6002.exe "D:\Program Files\Drumagog40\irunin.ini"
DVDx-->"D:\Program Files\DVDx\unins000.exe"
E.M. DVD Copy 2.51-->"D:\Program Files\E.M. DVD Copy\unins000.exe"
EA SPORTS online 2005-->C:\Games\EASOUNInstaller.exe
Easy Avi/Divx/Xvid to DVD Burner 2.4.7-->"D:\Program Files\Easy Avi Divx Xvid to DVD Burner\unins000.exe"
EasyTune4-->D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Gigabyte\EasyTune4\Uninst.isu" -c"D:\Program Files\Gigabyte\EasyTune4\uninstdrv.dll"
ESET NOD32 Antivirus-->MsiExec.exe /I{C082ECE3-DF55-426B-BBE9-E299CA184F82}
Fast Track Pro-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}\setup.exe" -l0x9 -removeonly
FL Studio 7-->D:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108-->"D:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Focusrite Saffire Bundle VST v2.0-->C:\vst\SAFFIR~1.0\UNINST~1\UNWISE.EXE C:\vst\SAFFIR~1.0\UNINST~1\INSTALL.LOG
FreeOCR.net-->"D:\WINDOWS\FreeOCR.net Uninstaller.exe"
FriendFinder Messenger v4.1-->MsiExec.exe /I{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}
Furball's Axis Ver 2.1.9R5-->D:\Documents and Settings\Absurd\Desktop\racers\Uninstal.exe
Furball's Coyote 2.1.9R5-->D:\Documents and Settings\Absurd\Desktop\racers\Uninstal.exe
Furball's Ninja 2.1.9R5-->D:\Documents and Settings\Absurd\Desktop\racers\Uninstal.exe
Furball's Remo Ver 2.1.9R5 car-->D:\Documents and Settings\Absurd\Desktop\racers\Uninstal.exe
Game Accelerator (remove only)-->D:\Program Files\Game Accelerator\Uninst.exe
G-Dyno GPS Version 1.0-->G:\gdynogps\unins000.exe
GoldWave v5.23-->"D:\Program Files\GoldWave\unstall.exe" "GoldWave v5.23" "D:\Program Files\GoldWave\unstall.log"
Google Gears-->MsiExec.exe /I{62631D34-D839-3214-92A2-D2F13C235694}
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTAIII-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
GUI for dvdauthor 1.07-->D:\Program Files\GUI for dvdauthor\uninst.exe
Haali Media Splitter-->"D:\Program Files\Matroska Pack\haali\uninstall.exe"
HammerTap 3-->MsiExec.exe /I{C223B7A3-A204-4ED3-913D-7EB9401EAE24}
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman (remove only)-->"C:\Games\Hitman\Uninstall.exe"
Hot Item Finder-->"D:\WINDOWS\Hot Item Finder\uninstall.exe" "/U:D:\Program Files\HotItemFinder\Uninstall\uninstall.xml"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IL Download Manager-->D:\Program Files\Image-Line\Downloader\uninstall.exe
Image Line ToxicIII v1.41 VSTi-->G:\VST\ToxicIII\UNWISE.EXE G:\VST\ToxicIII\INSTALL.LOG
Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
Internet Download Manager-->D:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
iZotope Trash-->"D:\Program Files\iZotope\Trash\unins000.exe"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Mega Codec Pack 3.9.0-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexmark 640 Series-->D:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series
LimeWire PRO 4.12.3-->"D:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint-->D:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Pack-->D:\Program Files\Matroska Pack\uninstall.exe
Maximus-->D:\Program Files\Image-Line\Maximus\uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Character Code Conversion Routines for HKSCS-2004-->MsiExec.exe /I{77AE2F50-6015-461D-8416-308C8FF192A8}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"D:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Monster Garage-->D:\PROGRA~1\ACTIVI~1\MONSTE~1\UNWISE.EXE D:\PROGRA~1\ACTIVI~1\MONSTE~1\INSTALL.LOG
Mozilla Firefox (3.0.6)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->D:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Multiquence v2.55-->"D:\Program Files\Multiquence\unstall.exe" "Multiquence v2.55" "D:\Program Files\Multiquence\unstall.log"
MVP Baseball 2005-->C:\Games\

Edited by Absurdny, 20 February 2009 - 11:28 PM.


#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
  • 0

#5
Absurdny

Absurdny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I do have AVG anti-virus but for some reason, it is not showing up in my system tray. Also I tried to run HijackThis and the program never opened. I brought up the task manager and it is in the list of running processes. I clicked end task and it would not close the program. I restarted my system and then HijackThis finally opened.

ComboFix 09-02-19.01 - Absurd 2009-02-21 3:33:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3007.1845 [GMT -5:00]
Running from: d:\documents and settings\Absurd\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
FW: COMODO Firewall *disabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\msvcsv60.dll
d:\windows\system32\tmp.reg
E:\resycled
F:\check_LSA7.txt
F:\resycled
G:\resycled
H:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 01:24 . 2009-02-21 01:24 <DIR> d-------- d:\documents and settings\Absurd\Application Data\Viewpoint
2009-02-21 00:16 . 2009-02-21 00:17 <DIR> d-------- D:\rsit
2009-02-16 16:05 . 2009-02-16 16:05 <DIR> d-------- d:\program files\Trend Micro
2009-02-16 14:01 . 2009-02-16 14:01 268 --ah----- D:\sqmdata14.sqm
2009-02-16 14:01 . 2009-02-16 14:01 244 --ah----- D:\sqmnoopt14.sqm
2009-02-15 20:31 . 2009-02-15 20:31 410,984 --a------ d:\windows\system32\deploytk.dll
2009-02-15 17:42 . 2009-02-15 17:42 268 --ah----- D:\sqmdata13.sqm
2009-02-15 17:42 . 2009-02-15 17:42 244 --ah----- D:\sqmnoopt13.sqm
2009-02-15 02:20 . 2009-02-15 13:14 287 --a------ d:\windows\LEXSTAT.INI
2009-02-15 02:19 . 2009-02-15 02:19 <DIR> d-------- d:\program files\Lexmark 640 Series
2009-02-15 02:19 . 2004-05-24 13:23 311,296 --a------ d:\windows\system32\LEXBCES.EXE
2009-02-15 02:19 . 1997-04-08 20:08 299,520 --a------ d:\windows\uninst.exe
2009-02-15 02:19 . 2004-05-24 13:21 201,216 --a------ d:\windows\system32\LEXP2P32.DLL
2009-02-15 02:19 . 2004-05-24 13:42 200,704 --a------ d:\windows\system32\lexlmpm.dll
2009-02-15 02:19 . 2004-05-24 13:26 198,144 --a------ d:\windows\system32\LEX2KUSB.DLL
2009-02-15 02:19 . 2004-05-24 13:22 174,592 --a------ d:\windows\system32\LEXPPS.EXE
2009-02-15 02:19 . 2004-05-24 13:22 147,456 --a------ d:\windows\system32\LEXBCE.DLL
2009-02-15 02:19 . 2006-03-28 05:29 73,728 --a------ d:\windows\system32\lxdapwr.dll
2009-02-14 07:10 . 2009-02-14 07:10 268 --ah----- D:\sqmdata12.sqm
2009-02-14 07:10 . 2009-02-14 07:10 244 --ah----- D:\sqmnoopt12.sqm
2009-02-14 06:33 . 2009-02-14 06:33 0 --a------ d:\windows\nsreg.dat
2009-02-14 06:31 . 2009-02-14 06:31 <DIR> d-------- d:\documents and settings\stickam\Application Data\Logitech
2009-02-14 06:31 . 2009-02-14 06:31 <DIR> d-------- d:\documents and settings\stickam
2009-02-14 06:01 . 2009-02-14 06:01 <DIR> d-------- d:\documents and settings\Absurd\Application Data\MSNInstaller
2009-02-14 05:54 . 2009-02-14 05:54 268 --ah----- D:\sqmdata11.sqm
2009-02-14 05:54 . 2009-02-14 05:54 244 --ah----- D:\sqmnoopt11.sqm
2009-02-12 15:50 . 2009-02-12 15:50 268 --ah----- D:\sqmdata10.sqm
2009-02-12 15:50 . 2009-02-12 15:50 244 --ah----- D:\sqmnoopt10.sqm
2009-02-12 14:36 . 2009-02-12 14:36 268 --ah----- D:\sqmdata09.sqm
2009-02-12 14:36 . 2009-02-12 14:36 244 --ah----- D:\sqmnoopt09.sqm
2009-02-12 14:08 . 2009-02-12 14:08 268 --ah----- D:\sqmdata08.sqm
2009-02-12 14:08 . 2009-02-12 14:08 244 --ah----- D:\sqmnoopt08.sqm
2009-01-27 18:49 . 2009-01-27 18:49 <DIR> d-------- d:\program files\AviSynth 2.5
2009-01-27 18:49 . 2009-01-27 18:49 43,698 --a------ d:\windows\system32\xvid-uninstall.exe
2009-01-27 18:48 . 2009-01-27 18:48 <DIR> d-------- d:\program files\Gabest
2009-01-27 18:47 . 2009-01-27 18:49 <DIR> d-------- d:\program files\AutoGK
2009-01-27 18:24 . 2009-01-27 18:25 <DIR> d-------- d:\program files\E.M. DVD Copy
2009-01-27 17:51 . 2009-01-27 17:51 <DIR> d-------- d:\documents and settings\Absurd\Application Data\NeroDigital™
2009-01-27 15:32 . 2009-01-27 15:32 <DIR> d--h----- D:\BJPrinter
2009-01-27 15:32 . 2002-02-12 14:00 97,280 --a------ d:\windows\system32\CNMLM3w.DLL
2009-01-27 15:32 . 2002-01-17 11:48 36,864 --a------ d:\windows\system32\CNMCP3W.EXE
2009-01-27 15:32 . 2002-02-12 14:00 5,632 --a------ d:\windows\system32\CNMVS3w.DLL
2009-01-27 15:28 . 2008-04-14 00:17 25,856 --a------ d:\windows\system32\drivers\usbprint.sys
2009-01-27 15:28 . 2008-04-14 00:17 25,856 --a--c--- d:\windows\system32\dllcache\usbprint.sys
2009-01-27 14:57 . 2009-01-27 14:57 <DIR> d-------- d:\program files\DVDx
2009-01-26 23:01 . 2009-01-26 23:01 <DIR> d-------- d:\windows\Hot Item Finder
2009-01-26 23:01 . 2009-01-26 23:07 <DIR> d-------- d:\program files\HotItemFinder
2009-01-26 22:43 . 2009-01-26 22:43 <DIR> d-------- d:\windows\AuctionYen
2009-01-26 22:43 . 2009-01-26 23:00 <DIR> d-------- d:\program files\AuctionYen
2009-01-25 01:23 . 2009-01-25 01:23 <DIR> d-------- d:\program files\eBay
2009-01-25 01:23 . 2009-01-25 01:23 <DIR> d-------- d:\documents and settings\All Users\eBay
2009-01-23 00:36 . 2009-01-23 00:37 <DIR> d-------- d:\program files\InventoryBuilder
2009-01-22 02:07 . 2009-01-22 02:09 <DIR> d-------- d:\program files\SmartFTP Client
2009-01-21 23:00 . 2009-01-21 23:00 <DIR> d-------- d:\documents and settings\Absurd\Application Data\SmartFTP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 04:23 --------- d-----w d:\program files\Viewpoint
2009-02-21 04:23 --------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint
2009-02-16 19:02 --------- d-----w d:\documents and settings\Absurd\Application Data\DMCache
2009-02-16 16:45 --------- d-----w d:\program files\SUPERAntiSpyware
2009-02-16 06:11 --------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-02-16 01:44 --------- d-----w d:\program files\Java
2009-02-11 15:19 38,496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-02-07 13:56 325,128 ----a-w d:\windows\system32\drivers\avgldx86.sys
2009-02-07 13:56 107,272 ----a-w d:\windows\system32\drivers\avgtdix.sys
2009-02-07 13:56 10,520 ----a-w d:\windows\system32\avgrsstx.dll
2009-02-07 13:56 --------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-01-25 06:24 --------- d--h--w d:\program files\InstallShield Installation Information
2009-01-23 05:36 25 ----a-w d:\program files\InventoryBuildersettings.ini
2009-01-22 12:08 --------- d-----w d:\program files\Common Files\Macromedia
2009-01-19 09:51 31,504 ----a-w d:\windows\system32\drivers\cmdhlp.sys
2009-01-19 09:51 147,192 ----a-w d:\windows\system32\guard32.dll
2009-01-19 09:50 101,776 ----a-w d:\windows\system32\drivers\cmdguard.sys
2009-01-19 08:59 --------- d-----w d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-19 08:59 --------- d-----w d:\documents and settings\Absurd\Application Data\SUPERAntiSpyware.com
2009-01-19 08:46 --------- d-----w d:\documents and settings\Administrator.UNPARALL-5F4EE2\Application Data\Malwarebytes
2009-01-19 08:31 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-01-15 00:48 --------- d-----w d:\program files\Hammertap
2009-01-07 18:33 3,519 ----a-w d:\windows\bcm1C.tmp
2008-08-14 16:31 1 ----a-w d:\documents and settings\Absurd\SI.bin
2008-04-07 03:47 22,328 ----a-w d:\documents and settings\Absurd\Application Data\PnkBstrK.sys
2008-04-09 17:54 23 --sha-w d:\windows\system32\edddddfcae5_z.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Aim6"="d:\program files\AIM6\aim6.exe" [2008-06-12 50528]
"Google Update"="d:\documents and settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-06-20 800256]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe" [2008-12-22 1830128]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="g:\digidesign\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"M-Audio Taskbar Icon"="d:\windows\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]
"COMODO Firewall Pro"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]
"COMODO Internet Security"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]
"nwiz"="nwiz.exe" [2007-12-05 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="d:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

d:\documents and settings\Absurd\Start Menu\Programs\Startup\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-14 113664]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-14 113664]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-02 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-07 08:56 10520 d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"g:\\Games\\Call Od Duty\\iw3mp.exe"=
"d:\\Program Files\\GIGABYTE\\EasyTune4\\update.exe"=
"d:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"e:\\rainbow 6 vegas 2\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Games\\MVPBB2K5\\mvp2005.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"g:\\Avast\\avgupd.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"d:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Dreamweaver 8\\Dreamweaver.exe"=

R0 DigiFilter;DigiFilter;d:\windows\system32\drivers\DigiFilt.sys [2008-04-04 16384]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);d:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-10-27 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-10-27 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [2008-07-08 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [2008-07-08 31504]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2008-02-06 34312]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R2 CamthWDM;WebcamMax, WDM Video Capture;d:\windows\system32\drivers\CamthWDM.sys [2007-01-11 243584]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-06 472320]
R2 MAudioUSBService;M-Audio USB Installer;d:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-06-08 49152]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);d:\windows\system32\drivers\mausb.sys [2008-06-08 102528]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;d:\windows\system32\drivers\superwebcam.sys [2008-04-02 31872]
S2 avg8emc;AVG Free8 E-mail Scanner;g:\avast\avgemc.exe --> g:\avast\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;g:\avast\avgwdsvc.exe --> g:\avast\avgwdsvc.exe [?]
S2 gupdate1c9196d3bf57de6;Google Update Service (gupdate1c9196d3bf57de6);d:\program files\Google\Update\GoogleUpdate.exe [2008-09-18 133104]
S3 ETDrv;ETDrv;d:\windows\system32\drivers\ETDrv.sys [2008-04-07 185280]
S3 GVTDrv;GVTDrv;d:\windows\system32\drivers\GVTDrv.sys [2008-04-07 24944]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);d:\windows\system32\drivers\mausb.sys [2008-06-08 102528]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - h:\resycled\boot.com h:
.
Contents of the 'Scheduled Tasks' folder

2009-02-18 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-16 d:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\program files\Google\Update\GoogleUpdate.exe [2008-09-18 04:01]

2009-02-21 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1935655697-839522115-1004.job
- d:\documents and settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 12:26]

2009-02-17 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-16 10:45]

2008-04-03 d:\windows\Tasks\Uniblue SpeedUpMyPC.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-16 10:45]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - g:\avast\avgtray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 61.145.124.55:80
uInternet Settings,ProxyOverride = *.local
IE: Download All Links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
Trusted Zone: stickam.com\www
TCP: {2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B} = 167.206.254.2,167.206.254.1
FF - ProfilePath - d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - plugin: d:\documents and settings\Absurd\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: g:\downloads\adobe\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 03:35:24
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hafdokpcgjhpicod"=hex:6e,62,61,6c,69,70,69,6e,6c,63,6a,62,6e,62,62,62,6e,6b,
6f,63,69,62,6d,68,62,6f,6b,63,65,6f,6e,69,6f,6d,68,70,6c,64,62,67,6d,6f,64,\
"jafdokpcgjhpicodiifh"=hex:66,61,61,6c,6b,70,6a,62,6a,62,6c,69,00,06
"panepddoiadpipfamhcalkabhkefmmlo"=hex:65,61,61,6c,6c,70,70,61,68,66,00,69

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,10,da,82,f9,db,48,11,d9,7f,fc,87,ab,11,47,28,5a,3f,7b,4b,1d,45,f1,
41,84,42,6d,4d,3d,24,51,57,25,d2,27,c9,eb,65,bd,32,54,d2,f5,3e,10,ea,57,f8,\
"??"=hex:aa,f8,e9,f9,d4,11,1c,24,45,24,ef,c9,3e,c1,c2,96

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version*Version]
"Version"=hex:ac,6b,4e,f9,2e,07,46,fc,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,
30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{524c79c3-e349-42ec-ac21-97f6e2154ab8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c2
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7b,84,7b,03,0a,a5,a2,62,4b,84,89,32,ad,57,a2,5d,12,ea,b6,3c,50,
6b,fd,90,36,06,f2,1d,df,0a,0c,f7,60,b0,95,3b,90,69,bd,1c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cd,56,a9,70,ca,1a,9c,a7,01,d5,66,44,1a,d2,f0,46,22,95,6b,de,bc,
28,54,81,bb,c5,ae,20,82,16,74,d3,0a,1b,7c,5b,63,37,84,0f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81206d2a-a17d-4619-be46-ef500303c97f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
d:\windows\system32\guard32.dll
d:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
d:\program files\common files\logishrd\bluetooth\LBTServ.dll
d:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(792)
d:\windows\system32\guard32.dll
.
Completion time: 2009-02-21 3:38:02
ComboFix-quarantined-files.txt 2009-02-21 08:37:18

Pre-Run: 1,516,597,248 bytes free
Post-Run: 1,611,706,368 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

310 --- E O F --- 2009-02-21 08:00:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:40 AM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
G:\digidesign\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\Program Files\AIM6\aim6.exe
D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\AIM6\aolsoftware.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing)
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - D:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B}: NameServer = 167.206.254.2,167.206.254.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Avast\avgpp.dll (file missing)
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - G:\Avast\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - G:\Avast\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9196d3bf57de6) (gupdate1c9196d3bf57de6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9335 bytes

Edited by Absurdny, 21 February 2009 - 08:19 AM.

  • 0
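The ComboFix log above carries two of the indicators the helper goes on to target in the next post: the MountPoints2 Shell\AutoRun and Shell\Open commands that launch resycled\boot.com from the G: and H: drives, and the ProxyServer setting pointing at 61.145.124.55:80. The following Python script is an added example, not part of this thread or of ComboFix: it pulls those lines out of a ComboFix-style log and flags them for review. The log excerpt inside it is constructed from the post above, and the function names are this example's own.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the
thread or of ComboFix).  It flags two indicator types seen in the log above:
MountPoints2 Shell commands that run a file from the mounted drive itself
(the autorun-worm pattern) and an IE proxy that points off-box."""
import ipaddress
import re

# Constructed excerpt modelled on the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - h:\resycled\boot.com h:
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 61.145.124.55:80
uInternet Settings,ProxyOverride = *.local
"""

# A MountPoints2 subkey header, capturing the drive letter or volume GUID.
MP_KEY = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]\\]+)\]$", re.I)
# A Shell verb command line as ComboFix prints it under that key.
MP_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
# ComboFix prefixes user-hive settings with 'u' and machine-hive with 'm'.
PROXY = re.compile(r"^[um]Internet Settings,ProxyServer = (\S+)$", re.M)


def parse_mountpoints(log):
    """Return (drive, verb, command) for every Shell\\<verb>\\command line
    that sits under a MountPoints2 key."""
    entries, drive = [], None
    for raw in log.splitlines():
        line = raw.rstrip()
        key = MP_KEY.match(line)
        if key:
            drive = key.group(1)
            continue
        if line.startswith("["):      # any other key ends the section
            drive = None
            continue
        cmd = MP_CMD.match(line)
        if cmd and drive is not None:
            entries.append((drive, cmd.group(1), cmd.group(2)))
    return entries


def is_suspicious_mountpoint(drive, verb, command):
    """Flag commands that execute content from the mounted drive itself or
    go through the ShellExec_RunDLL trampoline.  The verb is kept for the
    caller's report; a clean machine normally has no Shell\\AutoRun or
    Shell\\Open override for a drive letter at all."""
    cmd = command.lower()
    if "shellexec_rundll" in cmd:
        return True
    return cmd.startswith(drive.lower() + ":\\")


def parse_proxy(log):
    """Return the ProxyServer value, or None when no proxy is configured."""
    m = PROXY.search(log)
    return m.group(1) if m else None


def proxy_is_remote(proxy):
    """True when the proxy is not loopback/private (host:port form, as in
    the log).  Hostnames cannot be classified offline, so they are flagged
    for manual review as well."""
    host = proxy.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (addr.is_private or addr.is_loopback)


def triage(log):
    """Run both checks and return human-readable findings."""
    findings = []
    for drive, verb, command in parse_mountpoints(log):
        if is_suspicious_mountpoint(drive, verb, command):
            findings.append(
                f"MountPoints2\\{drive} Shell\\{verb} launches '{command}'")
    proxy = parse_proxy(log)
    if proxy and proxy_is_remote(proxy):
        findings.append(f"IE ProxyServer set to remote host {proxy}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("[!]", finding)
```

Run against the constructed excerpt it reports all four MountPoints2 commands plus the remote proxy; the MountPoints2 check is deliberately broad because a per-drive Shell override is unusual on a clean machine, which is why the helper's CFScript simply deletes both keys.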

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Absurdny,
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

  • d:\documents and settings\Absurd\SI.bin

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
d:\windows\system32\edddddfcae5_z.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
Lastly in this post

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

So when you return please post
  • Virscan results
  • ComboFix.txt
  • MBAM report

  • 0

#7
Absurdny

Absurdny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I had done the first step and pressed Copy to Clipboard, but nothing copied when I pressed Paste. I'm not sure if this will help, but I am going to manually highlight everything on the page and copy it.


File information
File Name : SI.bin
File Size : 1 byte
File Type : very short file (no magic)
MD5 : 7a9405d459c2a928b12952e276f9a8f5
SHA1 : 986b212420e3b977068244e6bd916575bb0c15e5

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2008/01/30 23:40:23 (EST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 3.0.0.126 | 2008.01.30 | 2008-01-30 | - | 4.005
AhnLab V3 | 2008.01.31.10 | 2008.01.31 | 2008-01-31 | - | 1.358
AntiVir | 7.6.0.59 | 7.0.2.72 | 2008-01-30 | - | 3.450
Arcavir | 1.0.4 | 200801300928 | 2008-01-30 | - | 2.204
AVAST! | 1.0.8 | 080130-1 | 2008-01-30 | - | 3.701
AVG | 7.5.51.442 | 269.19.13/1246 | 2008-01-27 | - | 1.961
BitDefender | 7.60825.978276 | 7.17230 | 2008-01-31 | - | 3.553
CA (VET) | 9.0.0.143 | 31.3.5499 | 2008-01-31 | - | 5.249
ClamAV | 0.92 | 5619 | 2008-01-31 | - | 0.003
Comodo | 2.11 | 2.0.0.420 | 2008-01-30 | - | 0.819
CP Secure | 1.1.0.695 | 2008.01.30 | 2008-01-30 | - | 6.431
Dr.Web | 4.44.0.9170 | 2008.01.30 | 2008-01-30 | - | 3.757
ewido | 4.0.0.2 | 2008.01.30 | 2008-01-30 | - | 3.033
F-Prot | 4.4.1.52 | 20080130 | 2008-01-30 | - | 1.503
F-Secure | 5.51.6100 | 2008.01.30.13 | 2008-01-30 | - | 3.202
Fortinet | 2.81-3.11 | 8.693 | 2008-01-31 | - | 2.291
Ikarus | T3.1.01.15 | 2008.01.31.70236 | 2008-01-31 | - | 31.575
JiangMin | 10.00.650 | 2008.01.30 | 2008-01-30 | - | 4.215
Kaspersky | 5.5.10 | 2008.01.31 | 2008-01-31 | - | 5.038
KingSoft | 2007.6.20.249 | 2008.1.31 | 2008-01-31 | - | 0.940
McAfee | 5.2.00 | 5219 | 2008-01-30 | - | 3.625
mks_vir | 2.01 | 2008.01.31 | 2008-01-31 | - | 3.778
NOD32 | 2.70.10 | 2822 | 2008-01-25 | - | 0.004
Norman | 5.91.10 | 5.90 | 2008-01-30 | - | 11.301
nProtect | 2008-01-30.00 | 1156613 | 2008-01-30 | - | 40.246
Panda | 9.04.03.0001 | 2008.01.30 | 2008-01-30 | - | 4.118
Prevx | V2 | 20080131 | 2008-01-31 | - | 2.071
Quick Heal | 9.00 | 2008.01.30 | 2008-01-30 | - | 7.589
Rising | 19.0 | 20.29.22.00 | 2008-01-30 | - | 0.533
Sophos | 2.53.1 | 4.25 | 2008-01-24 | - | 8.039
Symantec | 1.3.0.24 | 20080130.004 | 2008-01-30 | - | 1.327
The Hacker | 6.2.9 | v00203 | 2008-01-30 | - | 0.949
Trend Micro | 8.500-1001 | 4.970.18 | 2008-01-30 | - | 0.040
VBA32 | 3.12.2.6 | 20080130.2330 | 2008-01-30 | - | 1.386
ViRobot | 20080130 | 2008.01.30 | 2008-01-30 | - | 0.871
VirusBuster | 4.3.19:9 | 9.120.15/11.0 | 2008-01-30 | - | 1.051
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

--------------------------------------------------------------------

Second step: I have closed all open browsers, created the txt file in Notepad and saved it to my desktop, where ComboFix is located. I then dragged the file into ComboFix. The ComboFix progress bar comes up and then disappears, and no log opens. I do not have any anti-virus or anti-malware programs open. I did not proceed with the next steps because I was not sure if I could without completing the previous step. Also, I noticed that when I closed Firefox, it did not close out in the Task Manager. I have to go to the Task Manager and manually press "End Task" in Processes to close Firefox.

Edited by Absurdny, 21 February 2009 - 02:15 PM.

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... Let's try this.

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#9
Absurdny

Absurdny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK, I deleted ComboFix on the desktop, D:\Qoobox and D:\Combofix (D is my system hard drive). I downloaded ComboFix again and now I get the following pop-up message:

Combofix has detected the following real time scanners to be active:
*AVG Anti-Virus Free
*Eset NOD32 Antivirus 3.0

Antivirus and intrusion prevention programs are know to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking 'OK'.

The thing is, these anti-virus programs are not running. They are not in the system tray, and when I go into the Task Manager, there are no instances of them in the running processes. I do not even use NOD32. I use AVG, but for some reason it is not even in the system tray when it is supposed to be. Maybe I should go to Add/Remove Programs and uninstall both for now? Then later on reinstall AVG Free again?
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Maybe I should go to add/remove programs and uninstall both for now? Then later on reinstall AVG free again?


No, don't do that for now. Something funny is going on, though. You were able to run ComboFix earlier on; that's why I thought we would try a new version in case something had got corrupted. Not sure now...

Let's leave ComboFix for a minute and have another look with a different tool.

Please read this post completely; it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is offline.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

  • 0



#11
Absurdny

Absurdny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
SDFix: Version 1.240
Run by Absurd on Sat 02/21/2009 at 05:31 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: D:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 17:44:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5a,e0,9d,94,18,cc,01,48,3c,60,d0,4f,05,43,04,c1,94,80,b6,d6,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ad,5c,a2,0a,2a,6b,37,99,35,6e,40,09,3b,36,b1,6d,d3,..
"khjeh"=hex:a5,c2,b3,21,6d,cd,41,53,af,67,53,95,3f,26,94,69,70,3b,0e,b9,1a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,cf,47,0d,f0,ca,01,97,98,8b,40,50,06,5d,f8,3f,82,2d,e4,7b,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5a,e0,9d,94,18,cc,01,48,3c,60,d0,4f,05,43,04,c1,94,80,b6,d6,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ad,5c,a2,0a,2a,6b,37,99,35,6e,40,09,3b,36,b1,6d,d3,..
"khjeh"=hex:a5,c2,b3,21,6d,cd,41,53,af,67,53,95,3f,26,94,69,70,3b,0e,b9,1a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1e,b6,cd,81,43,f1,e0,f4,b1,b2,d3,fa,fc,fd,76,b0,e3,d1,c2,37,a1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5a,e0,9d,94,18,cc,01,48,3c,60,d0,4f,05,43,04,c1,94,80,b6,d6,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ad,5c,a2,0a,2a,6b,37,99,35,6e,40,09,3b,36,b1,6d,d3,..
"khjeh"=hex:a5,c2,b3,21,6d,cd,41,53,af,67,53,95,3f,26,94,69,70,3b,0e,b9,1a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,cf,47,0d,f0,ca,01,97,98,8b,40,50,06,5d,f8,3f,82,2d,e4,7b,18,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\WINDOWS\system32\guard32.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}]
"hafdokpcgjhpicod"=hex:6e,62,61,6c,69,70,69,6e,6c,63,6a,62,6e,62,62,62,6e,6b,6f,63,69,..
"jafdokpcgjhpicodiifh"=hex:66,61,61,6c,6b,70,6a,62,6a,62,6c,69,00,06
"panepddoiadpipfamhcalkabhkefmmlo"=hex:65,61,61,6c,6c,70,70,61,68,66,00,69

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"="D:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe:*:Enabled:gwflash"
"D:\\WINDOWS\\system32\\PnkBstrA.exe"="D:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\\WINDOWS\\system32\\PnkBstrB.exe"="D:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"G:\\Games\\Call Od Duty\\iw3mp.exe"="G:\\Games\\Call Od Duty\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"D:\\Program Files\\GIGABYTE\\EasyTune4\\update.exe"="D:\\Program Files\\GIGABYTE\\EasyTune4\\update.exe:*:Enabled:ftptest"
"D:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="D:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"E:\\rainbow 6 vegas 2\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="E:\\rainbow 6 vegas 2\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Program Files\\AIM6\\aim6.exe"="D:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"D:\\Program Files\\TVAnts\\Tvants.exe"="D:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Games\\MVPBB2K5\\mvp2005.exe"="C:\\Games\\MVPBB2K5\\mvp2005.exe:*:Enabled:mvp2005"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"G:\\Avast\\avgupd.exe"="G:\\Avast\\avgupd.exe:*:Enabled:avgupd.exe"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="D:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 9 Apr 2008 23 A.SH. --- "D:\WINDOWS\system32\edddddfcae5_z.dll"
Fri 27 Feb 2004 233,472 A..H. --- "D:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Mon 17 Nov 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 15 Apr 2008 444 ...HR --- "D:\Documents and Settings\Absurd\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 28 Nov 2006 1,217 A..H. --- "D:\Documents and Settings\All Users\Application Data\Microsoft\56ZrGnInRZqn8\VkK7mgcWEPJuq.tmp"
Sat 21 Oct 2006 1,385 A..H. --- "D:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\3x56ZrGnInR\VkK7mgcWEPJuq.tmp"
Wed 28 Dec 2005 1,374 A..H. --- "D:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\R6rmcOPz\X3tWgW9uYkjqhcj.tmp"

Finished!

-------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:50 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
G:\digidesign\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B}: NameServer = 167.206.254.2,167.206.254.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Avast\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - G:\Avast\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - G:\Avast\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9196d3bf57de6) (gupdate1c9196d3bf57de6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9075 bytes
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Before we do anything in this post please go to Start > Control Panel > Add or Remove Programs and uninstall Eset or Eset Nod32 Antivirus if it is there.

After that

Check to see if AVG8 is still disabled.

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Now

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Avast\avgpp.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

Close all windows other than HiJackThis, then click Fix Checked.

Close HiJackThis.

Next

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :services
    EhttpSrv
    
    :files
    D:\Program Files\ESET
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post together with a new HijackThis log.
  • 0
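The HijackThis entries emeraldnzl singles out above fall into two groups: browser proxy settings that route traffic through an address outside the machine (so a third party can observe or alter every page the browser loads), and entries whose target file is marked "(file missing)" or "(no file)". As an added example, not part of the thread and not HijackThis's own feature, here is a small Python triage script that applies those two rules, plus an informational check for services with no publisher, to lines copied from the log posted in this thread; the rules and severities are this example's own, and the sample lines are a constructed excerpt of that log.

```python
"""Triage helper for HijackThis (v2.0.2) log lines.

Added example for this thread: the heuristics and severities are this
script's own, not something HijackThis computes. SAMPLE_LOG is a
constructed excerpt of the log posted above.
"""
import ipaddress
import re

# Constructed sample: lines in the format HijackThis emits.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Avast\avgpp.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section code such as R1, O2, O23.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def _proxy_hosts(value):
    """Yield the host part of each proxy in a ProxyServer value.

    Handles both 'host:port' and 'http=host:port;https=host:port' forms;
    brackets around an IPv6 literal are stripped.
    """
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # protocol=host:port form
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        yield host.strip("[]")


def is_external_proxy(value):
    """True if any configured proxy host lies outside the local machine/LAN.

    Loopback, RFC 1918 private and link-local addresses are considered local.
    A hostname other than 'localhost' cannot be resolved offline, so it is
    treated as external and left for the analyst to review.
    """
    for host in _proxy_hosts(value):
        if host.lower() == "localhost":
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return True
        if not (addr.is_loopback or addr.is_private or addr.is_link_local):
            return True
    return False


def triage_line(line):
    """Return (severity, reason) for one log line, or None if no rule fires."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                          # header or process-list line
    section, body = m.group("section"), m.group("body")
    if section == "R1" and "ProxyServer" in body:
        value = body.split("=", 1)[1].strip()
        if is_external_proxy(value):
            return ("high", "browser proxy points at a non-local address: " + value)
    if body.endswith(ORPHAN_MARKERS):
        return ("medium", "entry references a file that no longer exists")
    if section == "O23" and "Unknown owner" in body:
        return ("info", "service without publisher information; verify the binary")
    return None


def triage(log_text):
    """Run triage_line over a whole log; return [(severity, reason, line), ...]."""
    findings = []
    for line in log_text.strip().splitlines():
        result = triage_line(line)
        if result:
            findings.append((result[0], result[1], line.strip()))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run against the sample, it flags the proxy line as high, the four orphaned O2/O9/O18 entries as medium and the PnkBstrA service as informational, while leaving the ProxyOverride and Windows Live lines alone.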

#13
Absurdny

Absurdny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Eset Nod32 Antivirus was uninstalled successfully.

All the program files for AVG8 are missing. Here is a screenshot of the AVG8 folder:
Posted Image

Here is the OTMoveIt3 log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service EhttpSrv .
========== FILES ==========
D:\Program Files\ESET\ESET NOD32 Antivirus moved successfully.
D:\Program Files\ESET moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Absurd\LOCALS~1\Temp\etilqs_suHpWdhkO11cksXny5bF scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_218.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02212009_183410

Files moved on Reboot...
File D:\DOCUME~1\Absurd\LOCALS~1\Temp\etilqs_suHpWdhkO11cksXny5bF not found!
File move failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File D:\WINDOWS\temp\Perflib_Perfdata_218.dat not found!
D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_001_ moved successfully.
D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_002_ moved successfully.
D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_003_ moved successfully.
D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\Cache\_CACHE_MAP_ moved successfully.
D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\urlclassifier3.sqlite moved successfully.
D:\Documents and Settings\Absurd\Local Settings\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\XUL.mfl moved successfully.

------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:24 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
G:\digidesign\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\notepad.exe
D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Absurd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B}: NameServer = 167.206.254.2,167.206.254.1
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - G:\Avast\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - G:\Avast\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9196d3bf57de6) (gupdate1c9196d3bf57de6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - D:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8285 bytes

I also wanted to ask you if there is supposed to be this many instances of svchost.exe running:
Posted Image

Edited by Absurdny, 21 February 2009 - 05:54 PM.

  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I also wanted to ask you if there is supposed to be this many instances of svchost.exe running:


This is really a tech question but I understand it is quite normal to have a number of instances of svchost running. Might be related to the number of services running on your machine.

All the program files for AVG8 are missing. Here is a screenshot of the AVG8 folder:


Try uninstalling AVG8 and then re-install it. With luck that should solve your problem with AVG8.

After you have done that you could try the disable AVG8 Resident Shield instruction I gave you and see if you can run ComboFix.
  • 0
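To put the two points above on a checkable footing: the number of svchost.exe instances is not by itself a warning sign, since each one hosts a group of services, but the path each instance runs from is worth verifying, and "(file missing)" on an O23 line means a service is still registered while its binary is gone (exactly the AVG8 situation, with the entries still pointing at G:\Avast\). The script below is an added example written for this thread; it is not part of HijackThis and was not posted by either participant. It parses a few HijackThis-format lines constructed to resemble the log above (the svchost.exe line under a Temp folder is invented purely to exercise the path check), counts svchost instances, flags any not started from the Windows system directory, and lists orphaned services.

```python
import re

# Constructed sample in HijackThis 2.0.2 log format, modelled on the log posted
# in this thread. The svchost.exe under "Local Settings\Temp" is made up to
# show what the path check catches; it is not from the real log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:24 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\Absurd\Local Settings\Temp\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - G:\Avast\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - G:\Avast\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

# O23 line whose binary HijackThis could not find on disk.
MISSING_SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?) \(file missing\)$"
)

# Where a genuine svchost.exe lives on XP: <drive>:\WINDOWS\system32
SYSTEM_DIR = re.compile(r"[a-z]:\\windows\\system32")


def parse_log(text):
    """Split a HijackThis log into the running-process list and the lettered
    entries (R0/R1, O2, O4, O23 ...). The process list runs from the
    'Running processes:' header to the first blank line."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:
                in_processes = False
                continue
            processes.append(line)
        elif re.match(r"^[A-Z]\d{1,2} - ", line):
            entries.append(line)
    return processes, entries


def svchost_report(processes):
    """Return (instance count, [paths outside the system directory]).
    Several instances are normal; one started from a user-writable folder
    such as Temp is the thing worth looking at."""
    total, suspicious = 0, []
    for path in processes:
        if not path.lower().endswith("\\svchost.exe"):
            continue
        total += 1
        parent = path.lower().rsplit("\\", 1)[0]
        if not SYSTEM_DIR.fullmatch(parent):
            suspicious.append(path)
    return total, suspicious


def missing_services(entries):
    """Return [(service name, expected path)] for O23 entries whose binary is
    missing: registrations left behind by an uninstall or a cleanup."""
    found = []
    for entry in entries:
        m = MISSING_SERVICE.match(entry)
        if m:
            found.append((m.group("name"), m.group("path")))
    return found


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    count, odd = svchost_report(procs)
    print(f"svchost.exe instances: {count}")
    for p in odd:
        print(f"  svchost outside system32: {p}")
    for name, path in missing_services(ents):
        print(f"orphaned service: {name} -> {path}")
```

The same two checks can be run over a full log pasted into SAMPLE_LOG; the process list is taken verbatim, so mixed-case paths such as `System32` and `system32` in the log above are handled by the case-insensitive comparison.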

#15
Absurdny

Absurdny

    Member

  • Topic Starter
  • Member
  • 20 posts
Ok I uninstalled AVG8 and then reinstalled it and it worked. I then disabled Resident Shield and dragged the text file to ComboFix and it produced a log. Here is that log:

ComboFix 09-02-19.01 - Absurd 2009-02-21 23:11:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3007.2580 [GMT -5:00]
Running from: d:\documents and settings\Absurd\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Absurd\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point

FILE ::
d:\windows\system32\edddddfcae5_z.dll
.

((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-21 18:38 . 2009-02-21 18:38 268 --ah----- D:\sqmdata19.sqm
2009-02-21 18:38 . 2009-02-21 18:38 244 --ah----- D:\sqmnoopt19.sqm
2009-02-21 18:34 . 2009-02-21 18:34 <DIR> d-------- D:\_OTMoveIt
2009-02-21 18:24 . 2009-02-21 18:24 268 --ah----- D:\sqmdata18.sqm
2009-02-21 18:24 . 2009-02-21 18:24 244 --ah----- D:\sqmnoopt18.sqm
2009-02-21 17:49 . 2009-02-21 17:49 268 --ah----- D:\sqmdata17.sqm
2009-02-21 17:49 . 2009-02-21 17:49 244 --ah----- D:\sqmnoopt17.sqm
2009-02-21 15:53 . 2009-02-21 15:53 268 --ah----- D:\sqmdata16.sqm
2009-02-21 15:53 . 2009-02-21 15:53 244 --ah----- D:\sqmnoopt16.sqm
2009-02-21 09:12 . 2009-02-21 09:12 268 --ah----- D:\sqmdata15.sqm
2009-02-21 09:12 . 2009-02-21 09:12 244 --ah----- D:\sqmnoopt15.sqm
2009-02-21 01:24 . 2009-02-21 01:24 <DIR> d-------- d:\documents and settings\Absurd\Application Data\Viewpoint
2009-02-21 00:16 . 2009-02-21 00:17 <DIR> d-------- D:\rsit
2009-02-16 16:05 . 2009-02-16 16:05 <DIR> d-------- d:\program files\Trend Micro
2009-02-16 14:01 . 2009-02-16 14:01 268 --ah----- D:\sqmdata14.sqm
2009-02-16 14:01 . 2009-02-16 14:01 244 --ah----- D:\sqmnoopt14.sqm
2009-02-15 20:31 . 2009-02-15 20:31 410,984 --a------ d:\windows\system32\deploytk.dll
2009-02-15 17:42 . 2009-02-15 17:42 268 --ah----- D:\sqmdata13.sqm
2009-02-15 17:42 . 2009-02-15 17:42 244 --ah----- D:\sqmnoopt13.sqm
2009-02-15 02:20 . 2009-02-15 13:14 287 --a------ d:\windows\LEXSTAT.INI
2009-02-15 02:19 . 2009-02-15 02:19 <DIR> d-------- d:\program files\Lexmark 640 Series
2009-02-15 02:19 . 2004-05-24 13:23 311,296 --a------ d:\windows\system32\LEXBCES.EXE
2009-02-15 02:19 . 1997-04-08 20:08 299,520 --a------ d:\windows\uninst.exe
2009-02-15 02:19 . 2004-05-24 13:21 201,216 --a------ d:\windows\system32\LEXP2P32.DLL
2009-02-15 02:19 . 2004-05-24 13:42 200,704 --a------ d:\windows\system32\lexlmpm.dll
2009-02-15 02:19 . 2004-05-24 13:26 198,144 --a------ d:\windows\system32\LEX2KUSB.DLL
2009-02-15 02:19 . 2004-05-24 13:22 174,592 --a------ d:\windows\system32\LEXPPS.EXE
2009-02-15 02:19 . 2004-05-24 13:22 147,456 --a------ d:\windows\system32\LEXBCE.DLL
2009-02-15 02:19 . 2006-03-28 05:29 73,728 --a------ d:\windows\system32\lxdapwr.dll
2009-02-14 07:10 . 2009-02-14 07:10 268 --ah----- D:\sqmdata12.sqm
2009-02-14 07:10 . 2009-02-14 07:10 244 --ah----- D:\sqmnoopt12.sqm
2009-02-14 06:33 . 2009-02-14 06:33 0 --a------ d:\windows\nsreg.dat
2009-02-14 06:31 . 2009-02-14 06:31 <DIR> d-------- d:\documents and settings\stickam\Application Data\Logitech
2009-02-14 06:31 . 2009-02-21 23:03 <DIR> d-------- d:\documents and settings\stickam
2009-02-14 06:01 . 2009-02-14 06:01 <DIR> d-------- d:\documents and settings\Absurd\Application Data\MSNInstaller
2009-02-14 05:54 . 2009-02-14 05:54 268 --ah----- D:\sqmdata11.sqm
2009-02-14 05:54 . 2009-02-14 05:54 244 --ah----- D:\sqmnoopt11.sqm
2009-02-12 15:50 . 2009-02-12 15:50 268 --ah----- D:\sqmdata10.sqm
2009-02-12 15:50 . 2009-02-12 15:50 244 --ah----- D:\sqmnoopt10.sqm
2009-02-12 14:36 . 2009-02-12 14:36 268 --ah----- D:\sqmdata09.sqm
2009-02-12 14:36 . 2009-02-12 14:36 244 --ah----- D:\sqmnoopt09.sqm
2009-02-12 14:08 . 2009-02-12 14:08 268 --ah----- D:\sqmdata08.sqm
2009-02-12 14:08 . 2009-02-12 14:08 244 --ah----- D:\sqmnoopt08.sqm
2009-01-27 18:49 . 2009-01-27 18:49 <DIR> d-------- d:\program files\AviSynth 2.5
2009-01-27 18:49 . 2009-01-27 18:49 43,698 --a------ d:\windows\system32\xvid-uninstall.exe
2009-01-27 18:48 . 2009-01-27 18:48 <DIR> d-------- d:\program files\Gabest
2009-01-27 18:47 . 2009-01-27 18:49 <DIR> d-------- d:\program files\AutoGK
2009-01-27 18:24 . 2009-01-27 18:25 <DIR> d-------- d:\program files\E.M. DVD Copy
2009-01-27 17:51 . 2009-01-27 17:51 <DIR> d-------- d:\documents and settings\Absurd\Application Data\NeroDigital™
2009-01-27 15:32 . 2009-01-27 15:32 <DIR> d--h----- D:\BJPrinter
2009-01-27 15:32 . 2002-02-12 14:00 97,280 --a------ d:\windows\system32\CNMLM3w.DLL
2009-01-27 15:32 . 2002-01-17 11:48 36,864 --a------ d:\windows\system32\CNMCP3W.EXE
2009-01-27 15:32 . 2002-02-12 14:00 5,632 --a------ d:\windows\system32\CNMVS3w.DLL
2009-01-27 15:28 . 2008-04-14 00:17 25,856 --a------ d:\windows\system32\drivers\usbprint.sys
2009-01-27 15:28 . 2008-04-14 00:17 25,856 --a--c--- d:\windows\system32\dllcache\usbprint.sys
2009-01-27 14:57 . 2009-01-27 14:57 <DIR> d-------- d:\program files\DVDx
2009-01-26 23:01 . 2009-01-26 23:01 <DIR> d-------- d:\windows\Hot Item Finder
2009-01-26 23:01 . 2009-01-26 23:07 <DIR> d-------- d:\program files\HotItemFinder
2009-01-26 22:43 . 2009-01-26 22:43 <DIR> d-------- d:\windows\AuctionYen
2009-01-26 22:43 . 2009-01-26 23:00 <DIR> d-------- d:\program files\AuctionYen
2009-01-25 01:23 . 2009-01-25 01:23 <DIR> d-------- d:\program files\eBay
2009-01-25 01:23 . 2009-01-25 01:23 <DIR> d-------- d:\documents and settings\All Users\eBay
2009-01-23 00:36 . 2009-01-23 00:37 <DIR> d-------- d:\program files\InventoryBuilder
2009-01-22 02:07 . 2009-01-22 02:09 <DIR> d-------- d:\program files\SmartFTP Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 04:14 --------- d-----w d:\documents and settings\Absurd\Application Data\DMCache
2009-02-22 04:02 --------- d-----w d:\program files\AVG
2009-02-22 04:01 --------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-02-22 03:38 --------- d-----w d:\program files\TVAnts
2009-02-22 03:36 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-22 03:23 --------- d-----w d:\program files\Microsoft Bootvis
2009-02-22 03:22 --------- d-----w d:\program files\Google
2009-02-22 02:30 --------- d-----w d:\program files\Bonjour
2009-02-21 04:23 --------- d-----w d:\program files\Viewpoint
2009-02-21 04:23 --------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint
2009-02-16 16:45 --------- d-----w d:\program files\SUPERAntiSpyware
2009-02-16 06:11 --------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-02-16 01:44 --------- d-----w d:\program files\Java
2009-02-11 15:19 38,496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-02-07 13:56 325,128 ----a-w d:\windows\system32\drivers\avgldx86.sys
2009-02-07 13:56 107,272 ----a-w d:\windows\system32\drivers\avgtdix.sys
2009-01-23 05:36 25 ----a-w d:\program files\InventoryBuildersettings.ini
2009-01-22 12:08 --------- d-----w d:\program files\Common Files\Macromedia
2009-01-22 04:00 --------- d-----w d:\documents and settings\Absurd\Application Data\SmartFTP
2009-01-19 09:51 31,504 ----a-w d:\windows\system32\drivers\cmdhlp.sys
2009-01-19 09:50 101,776 ----a-w d:\windows\system32\drivers\cmdguard.sys
2009-01-19 08:59 --------- d-----w d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-19 08:59 --------- d-----w d:\documents and settings\Absurd\Application Data\SUPERAntiSpyware.com
2009-01-19 08:46 --------- d-----w d:\documents and settings\Administrator.UNPARALL-5F4EE2\Application Data\Malwarebytes
2009-01-19 08:31 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-01-15 00:48 --------- d-----w d:\program files\Hammertap
2009-01-07 18:33 3,519 ----a-w d:\windows\bcm1C.tmp
2008-08-14 16:31 1 ----a-w d:\documents and settings\Absurd\SI.bin
2008-04-07 03:47 22,328 ----a-w d:\documents and settings\Absurd\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-02-21_22.53.21.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-22 04:14:29 16,384 ----atw d:\windows\temp\Perflib_Perfdata_100.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Aim6"="d:\program files\AIM6\aim6.exe" [2008-06-12 50528]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-06-20 800256]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe" [2008-12-22 1830128]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="g:\digidesign\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"M-Audio Taskbar Icon"="d:\windows\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]
"COMODO Firewall Pro"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]
"COMODO Internet Security"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-21 1601304]
"nwiz"="nwiz.exe" [2007-12-05 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="d:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

d:\documents and settings\Absurd\Start Menu\Programs\Startup\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-14 113664]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-14 113664]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-02 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-07 08:56 10520 d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\GIGABYTE\\EasyTune4\\update.exe"=
"d:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"e:\\rainbow 6 vegas 2\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"g:\\Avast\\avgupd.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"d:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Dreamweaver 8\\Dreamweaver.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 DigiFilter;DigiFilter;d:\windows\system32\drivers\DigiFilt.sys [2008-04-04 16384]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);d:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-10-27 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-10-27 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [2008-07-08 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [2008-07-08 31504]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2009-02-21 903960]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-21 298264]
R2 MAudioUSBService;M-Audio USB Installer;d:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-06-08 49152]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);d:\windows\system32\drivers\mausb.sys [2008-06-08 102528]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;d:\windows\system32\drivers\superwebcam.sys [2008-04-02 31872]
S3 ETDrv;ETDrv;d:\windows\system32\drivers\ETDrv.sys [2008-04-07 185280]
S3 GVTDrv;GVTDrv;d:\windows\system32\drivers\GVTDrv.sys [2008-04-07 24944]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);d:\windows\system32\drivers\mausb.sys [2008-06-08 102528]
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-16 10:45]

2008-04-03 d:\windows\Tasks\Uniblue SpeedUpMyPC.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-16 10:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download All Links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
Trusted Zone: stickam.com\www
TCP: {2BA77C4F-C5DA-4A32-BD8D-C0D21D48050B} = 167.206.254.2,167.206.254.1
FF - ProfilePath - d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: g:\downloads\adobe\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 23:14:32
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hafdokpcgjhpicod"=hex:6e,62,61,6c,69,70,69,6e,6c,63,6a,62,6e,62,62,62,6e,6b,
6f,63,69,62,6d,68,62,6f,6b,63,65,6f,6e,69,6f,6d,68,70,6c,64,62,67,6d,6f,64,\
"jafdokpcgjhpicodiifh"=hex:66,61,61,6c,6b,70,6a,62,6a,62,6c,69,00,06
"panepddoiadpipfamhcalkabhkefmmlo"=hex:65,61,61,6c,6c,70,70,61,68,66,00,69

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,10,da,82,f9,db,48,11,d9,7f,fc,87,ab,11,47,28,5a,3f,7b,4b,1d,45,f1,
41,84,42,6d,4d,3d,24,51,57,25,d2,27,c9,eb,65,bd,32,54,d2,f5,3e,10,ea,57,f8,\
"??"=hex:aa,f8,e9,f9,d4,11,1c,24,45,24,ef,c9,3e,c1,c2,96

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Adobe\\Adobe premiere pro 1.5\\Help\\index.html"
"Contents"="c:\\Adobe\\Adobe premiere pro 1.5\\Help\\index.html"
"ExportToDVD"="c:\\Adobe\\Adobe premiere pro 1.5\\Help\\index.html"
"HowToUse"="c:\\Adobe\\Adobe premiere pro 1.5\\Help\\index.html"
"Keyboard"="c:\\Adobe\\Adobe premiere pro 1.5\\Help\\index.html"
"Search"="c:\\Adobe\\Adobe premiere pro 1.5\\Help\\index.html"
"Support"="http://www.adobe.com.../premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version*Version]
"Version"=hex:ac,6b,4e,f9,2e,07,46,fc,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,
30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{524c79c3-e349-42ec-ac21-97f6e2154ab8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c2
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7b,84,7b,03,0a,a5,a2,62,4b,84,89,32,ad,57,a2,5d,12,ea,b6,3c,50,
6b,fd,90,36,06,f2,1d,df,0a,0c,f7,60,b0,95,3b,90,69,bd,1c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cd,56,a9,70,ca,1a,9c,a7,01,d5,66,44,1a,d2,f0,46,22,95,6b,de,bc,
28,54,81,bb,c5,ae,20,82,16,74,d3,0a,1b,7c,5b,63,37,84,0f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81206d2a-a17d-4619-be46-ef500303c97f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
d:\program files\common files\logishrd\bluetooth\LBTServ.dll
d:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\LEXBCES.EXE
d:\windows\system32\LEXPPS.EXE
d:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\COMODO\Firewall\cmdagent.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\IoctlSvc.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\AVG\AVG8\avgrsx.exe
d:\progra~1\AVG\AVG8\avgnsx.exe
d:\program files\AVG\AVG8\avgcsrvx.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\rundll32.exe
d:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-02-21 23:18:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 04:18:15
ComboFix2.txt 2009-02-22 03:54:37

Pre-Run: 2,684,018,688 bytes free
Post-Run: 2,668,433,408 bytes free

312 --- E O F --- 2009-02-21 22:20:54
  • 0
