Solved Blue Screen Reboot, Slowed Internet, Iphone Shortcut

bronskater · 2009/04/27

[Resolved] Blue Screen Reboot, Slowed Internet, Iphone Shortcut

Hello, thanks for taking the time to read this. Recently sometimes I try to watch video clips I have downloaded from the internet and a Blue Screen pops up and my computer reboots but comes so quickly I cannot see what it says. My internet has gotten extremely slow, I have contacted my ISP and nothing has changed on my account and I also have an IPHONE shortcut in my MYComputer in which i haven never installed one to my computer and lately have not installed or doen anything differently with any Ipod or Itunes devices. When I click on the Iphone shortcut, AVG says it is an invisible application and maybe a virus/malware. Any help would be greatly appreciated, I have included a recent HijackThis report. thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 7:23:13 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\CDVIEWER\CdViewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Admin. · 2009/05/05

Hi,

Read this post as indicated at the top of this forum & follow the instructions.

bronskater · 2009/05/06

sorry about that, i missed it. here are the logs:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Chris R at 1:53:29.45 on Wed 05/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2339 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris R\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
uRun: [ATI Scheduler] c:\program files\ati multimedia\main\ATISched.EXE
uRun: [mount.exe] c:\program files\gipo@utilities\fileutilities.3\mount.exe /z
mRun: [ALi5289] c:\program files\uli5289\ALi5289.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BtcMaestro] "c:\program files\hp multimedia keyboard\KMaestro.exe "
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\CPF.exe" /background
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TV Card Remote Control Device Monitor] c:\windows\3xHybridRMT.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
StartupFolder: c:\docume~1\chrisr~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file://e:\cdviewer\CdViewer.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2006-5-17 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-5-17 45056]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-22 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-6-28 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-22 107272]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298264]
R2 CmdAgent;Comodo Application Agent;c:\program files\comodo\firewall\cmdagent.exe [2007-8-20 361040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-3 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 3xHybrid;SAA7130 TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2008-7-21 716160]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2006-5-17 26752]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2008-7-21 279552]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-7-21 25984]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-6-21 16512]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-12-17 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-12-17 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-8-15 23680]

=============== Created Last 30 ================

2009-05-05 00:17 <DIR> --d----- C:\87dbd1d1c4c2f9adab0264becce5eef0
2009-04-19 00:46 <DIR> --d----- c:\program files\Windows Resource Kits
2009-04-15 02:48 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 02:48 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 02:48 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 02:48 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 02:48 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 02:48 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 02:48 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 02:48 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 02:48 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 02:45 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 02:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 02:45 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-09 23:21 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 13:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2008-11-16 17:36 24,192 a------- c:\documents and settings\chris r\usbsermptxp.sys
2008-11-16 17:36 22,768 a------- c:\documents and settings\chris r\usbsermpt.sys
2008-03-29 20:13 79,328 a------- c:\documents and settings\chris r\mqdmserd.sys
2008-03-29 20:13 5,936 a------- c:\documents and settings\chris r\mqdmwhnt.sys
2008-03-29 20:13 92,064 a------- c:\documents and settings\chris r\mqdmmdm.sys
2008-03-29 20:13 66,656 a------- c:\documents and settings\chris r\mqdmbus.sys
2008-03-29 20:13 9,232 a------- c:\documents and settings\chris r\mqdmmdfl.sys
2008-03-29 20:13 6,208 a------- c:\documents and settings\chris r\mqdmcmnt.sys
2008-03-29 20:13 4,048 a------- c:\documents and settings\chris r\mqdmcr.sys
2008-12-12 08:23 144 a--sh--- c:\windows\system32\3559006152.dat
2008-07-13 00:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071320080714\index.dat

============= FINISH: 1:54:10.54 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/17/2006 7:26:49 PM
System Uptime: 5/3/2009 11:05:35 AM (62 hours ago)

Motherboard: http://www.abit.com.tw/ | | UL8 (ULI M1689)
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 939 | 1840/205mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 42.378 GiB free.
D: is FIXED (NTFS) - 279 GiB total, 22.011 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10B9&DEV_5455&SUBSYS_2207147B&REV_20\3&13C0B0C5&0&20
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10B9&DEV_5455&SUBSYS_2207147B&REV_20\3&13C0B0C5&0&20
Service:

==== System Restore Points ===================

RP1167: 2/3/2009 10:40:51 PM - System Checkpoint
RP1168: 2/5/2009 10:11:00 PM - Software Distribution Service 3.0
RP1169: 2/8/2009 10:10:45 PM - System Checkpoint
RP1170: 2/10/2009 2:07:48 AM - Software Distribution Service 3.0
RP1171: 2/11/2009 2:31:43 AM - Avg8 Update
RP1172: 2/11/2009 3:00:15 AM - Software Distribution Service 3.0
RP1173: 2/13/2009 7:27:48 PM - Avg8 Update
RP1174: 2/14/2009 2:15:38 AM - Software Distribution Service 3.0
RP1175: 2/15/2009 7:16:18 PM - System Checkpoint
RP1176: 2/16/2009 5:25:52 PM - Software Distribution Service 3.0
RP1177: 2/19/2009 4:25:31 PM - Software Distribution Service 3.0
RP1178: 2/20/2009 9:16:19 PM - System Checkpoint
RP1179: 2/22/2009 2:40:42 PM - System Checkpoint
RP1180: 2/23/2009 6:12:10 PM - Software Distribution Service 3.0
RP1181: 2/24/2009 8:02:55 PM - Software Distribution Service 3.0
RP1182: 2/25/2009 9:16:50 PM - System Checkpoint
RP1183: 2/26/2009 7:32:52 PM - Software Distribution Service 3.0
RP1184: 2/27/2009 10:50:20 PM - System Checkpoint
RP1185: 3/1/2009 11:35:49 PM - System Checkpoint
RP1186: 3/2/2009 3:22:42 PM - Software Distribution Service 3.0
RP1187: 3/5/2009 2:04:55 AM - Avg8 Update
RP1188: 3/6/2009 3:07:41 AM - Software Distribution Service 3.0
RP1189: 3/7/2009 3:39:24 AM - System Checkpoint
RP1190: 3/8/2009 4:46:11 AM - System Checkpoint
RP1191: 3/9/2009 5:42:44 AM - System Checkpoint
RP1192: 3/9/2009 11:45:52 AM - Software Distribution Service 3.0
RP1193: 3/10/2009 12:43:24 AM - Software Distribution Service 3.0
RP1194: 3/11/2009 10:24:07 PM - Software Distribution Service 3.0
RP1195: 3/12/2009 3:37:26 PM - Software Distribution Service 3.0
RP1196: 3/13/2009 2:00:15 AM - Software Distribution Service 3.0
RP1197: 3/14/2009 5:51:30 PM - System Checkpoint
RP1198: 3/14/2009 6:39:12 PM - Installed Adobe Premiere 6.5
RP1199: 3/17/2009 7:39:38 PM - Avg8 Update
RP1200: 3/18/2009 2:20:29 AM - Software Distribution Service 3.0
RP1201: 3/19/2009 3:42:56 AM - System Checkpoint
RP1202: 3/19/2009 7:10:34 PM - Software Distribution Service 3.0
RP1203: 3/21/2009 9:19:02 PM - System Checkpoint
RP1204: 3/23/2009 5:01:07 AM - System Checkpoint
RP1205: 3/25/2009 2:50:48 AM - Software Distribution Service 3.0
RP1206: 3/27/2009 2:14:13 AM - Software Distribution Service 3.0
RP1207: 3/27/2009 2:14:54 AM - Avg8 Update
RP1208: 3/28/2009 9:51:54 AM - System Checkpoint
RP1209: 3/29/2009 10:01:55 PM - System Checkpoint
RP1210: 3/31/2009 4:38:44 PM - Software Distribution Service 3.0
RP1211: 4/1/2009 8:31:30 PM - System Checkpoint
RP1212: 4/2/2009 4:28:40 PM - Software Distribution Service 3.0
RP1213: 4/3/2009 7:14:05 PM - System Checkpoint
RP1214: 4/3/2009 7:41:46 PM - Software Distribution Service 3.0
RP1215: 4/6/2009 8:22:00 PM - Software Distribution Service 3.0
RP1216: 4/7/2009 8:49:17 PM - System Checkpoint
RP1217: 4/8/2009 10:16:54 PM - System Checkpoint
RP1218: 4/9/2009 11:21:13 PM - Installed Java(TM) 6 Update 13
RP1219: 4/11/2009 11:40:25 PM - System Checkpoint
RP1220: 4/14/2009 2:47:03 AM - Software Distribution Service 3.0
RP1221: 4/15/2009 3:00:15 AM - Software Distribution Service 3.0
RP1222: 4/16/2009 3:12:32 AM - Avg8 Update
RP1223: 4/17/2009 9:34:32 PM - System Checkpoint
RP1224: 4/18/2009 10:05:36 PM - System Checkpoint
RP1225: 4/19/2009 12:46:44 AM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP1226: 4/20/2009 5:44:24 AM - System Checkpoint
RP1227: 4/22/2009 4:01:33 PM - Installed HP Product Assistant
RP1228: 4/23/2009 2:43:38 PM - Software Distribution Service 3.0
RP1229: 4/27/2009 6:58:40 PM - Software Distribution Service 3.0
RP1230: 4/30/2009 6:43:21 PM - Software Distribution Service 3.0
RP1231: 5/1/2009 6:45:56 PM - System Checkpoint
RP1232: 5/3/2009 6:48:50 PM - System Checkpoint
RP1233: 5/5/2009 12:17:28 AM - Software Distribution Service 3.0

==== Installed Programs ======================

1500
1500_Help
1500Trb
4Media iPod to PC Transfer
Ad-Aware
Adobe After Effects 6.5
Adobe Encore DVD 1.0
Adobe Flash Player 10 ActiveX
Adobe Illustrator CS
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Streamline 4.0
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Advanced RealMedia Export Plug-in for Premiere 6.0
AIM 6
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HFX Pack
ATI Multimedia Center
ATI Multimedia Center 9.16
Audacity 1.2.6
AutoUpdate
Avanquest update
AVG Free 8.0
AVIVO Codecs
BearShare
Belarc Advisor 7.2
BufferChm
Cleaner 5 EZ
COMODO Firewall Pro
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
DAO
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
eSupportQFolder
Fax
FLV Player 1.3.3
FlvGrabber
Free YouTube to iPod Converter version 3.1
FreeRIP v3.00
GdiplusUpgrade
GiPo@FileUtilities 3.2
HijackThis 1.99.1
honestech TVR
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Driver V1.6 (2.0.W-137A9 MUL)
HP Photosmart Essential
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Moyea FLV to Video Converter version 1.3.1.0
MP3 to WAV Decoder
MP3 WAV Converter 3.15
MP3 WAV Converter 3.18
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero Suite
NewCopy
Nokia Multimedia Converter Pro v2.0
ObjectDock
Panda ActiveScan
ProductContext
QuickTime
Readme
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SolutionCenter
Sony Vegas Pro 8.0
Sound Blaster X-Fi
SpywareBlaster 4.1
Status
TC Native Essentials 2.02
TitanTV Client components for ATI
TrayApp
ULi M5289 SATA Controller Driver
ULi PCI to AGP Controller Driver
Uninstall 1.0.0.1
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
WAV to MP3 Encoder
WebFldrs XP
WebReg
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
Yahoo! Internet Mail

==== Event Viewer Messages From Past Week ========

5/5/2009 12:18:06 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/2/2009 9:59:24 PM, error: ati2mtag [45062] - CRT invalid display type
5/2/2009 2:34:23 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

==== End Of File ===========================

broni · 2009/05/15

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies may be omitted from the log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4. Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

bronskater · 2009/05/17

thanks for your time, here are all 4 logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/17/2009 at 04:37 AM

Application Version : 4.26.1002

Core Rules Database Version : 3897
Trace Rules Database Version: 1844

Scan type : Complete Scan
Total Scan Time : 01:18:52

Memory items scanned : 236
Memory threats detected : 0
Registry items scanned : 6079
Registry threats detected : 14
File items scanned : 94445
File threats detected : 505

Adware.SysGuard/FakeAlert-E
[system tool] C:\WINDOWS\SYSGUARD.EXE
C:\WINDOWS\SYSGUARD.EXE
C:\WINDOWS\Prefetch\SYSGUARD.EXE-39D8A190.pf

Adware.MyWebSearch/FunWebProducts
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version

Unclassified.PC MightyMax
HKU\S-1-5-21-1292428093-1220945662-839522115-1004\Software\PC MightyMax

Adware.SysGuard/FakeAlert
HKU\S-1-5-21-1292428093-1220945662-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run#system tool [ C:\WINDOWS\sysguard.exe ]

Trojan.Agent/Gen-RandX2
C:\DOCUMENTS AND SETTINGS\CHRIS R\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\RBSD1HG1\INSTALL[1].EXE

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

Trojan.Unclassified-Packed/Suspicious
C:\WINDOWS\SYSTEM32\IEHELPER.DLL

Malwarebytes' Anti-Malware 1.36
Database version: 2144
Windows 5.1.2600 Service Pack 3

5/17/2009 5:45:46 AM
mbam-log-2009-05-17 (05-45-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 189381
Time elapsed: 30 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris R\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-17 17:33:32
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwConnectPort [0x9354B0D2]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateFile [0x9354D302]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreatePort [0x9354B02C]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateSection [0x9354BAAE]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateThread [0x9354AD12]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteFile [0x9354CCB0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteKey [0x9354BEC0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteValueKey [0x9354BDDA]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenProcess [0x9354BB94]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenSection [0x9354B9E0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenThread [0x9354BCB0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetContextThread [0x9354ABB4]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetInformationFile [0x9354CDE0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetValueKey [0x9354B26A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwShutdownSystem [0x9354BFA0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwTerminateProcess [0x9354AF66]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFile [0x9354D14A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFileGather [0x9354CFB4]

---- Kernel code sections - GMER 1.0.15 ----

? knuuk.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Comodo\Firewall\CPF.exe[2000] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Comodo\Firewall\CPF.exe[2000] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [05, 5F]
.text C:\Program Files\Comodo\Firewall\CPF.exe[2000] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3448] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA14B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA14B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA14B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA14B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA14B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [BA14B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA14B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA14B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA14B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA14B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Maestro1.sys (KeyMaestro Sys for Windows NT, 2000, .../BTC)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Maestro1.sys (KeyMaestro Sys for Windows NT, 2000, .../BTC)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000e6afebb3a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000e6afebb3a@001cc1694792 0x8A 0x23 0x87 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000e6afebb3a
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000e6afebb3a@001cc1694792 0x8A 0x23 0x87 0x95 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F54A762-033B-B561-FAA0-DBF8F61A264D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F54A762-033B-B561-FAA0-DBF8F61A264D}@iapnckdeapmpobhhmd 0x6A 0x61 0x6D 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F54A762-033B-B561-FAA0-DBF8F61A264D}@habbmledjkgjgfgb 0x6A 0x61 0x6D 0x6C ...

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:31 PM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivguardian.com
O1 - Hosts: 94.232.248.66 www.antivguardian.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\CDVIEWER\CdViewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8548 bytes

broni · 2009/05/17

1. Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click Restore MS Hosts File and then click OK.
* Click the X to exit the program

Restart computer.

2. Download avz4.zip from here

Unzip it to your desktop to a folder named avz4

Double click on AVZ.exe to run it.

Run an update by clicking the Auto Update button on the Right of the Log window:

Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

After the update, from the "File " menu, choose "Standard Scripts "

Put a check next to item 2: Advanced System Analysis

Click Execute selected scripts

At the next prompt, click the Yes button

Let the scan run and click "OK" when the completion prompt pops up

Now Close out of the Standard Scripts window, and exit AVZ

Navigate to the avz4 folder and locate the folder LOG

Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip

Attach the compressed file, virusinfo_syscheck.zip, to your next reply.

3. Post fresh HJT log.

bronskater · 2009/05/18

sorry for being a newb, but i couldnt find an attach button or anything on how to do it. here is the HJT log though:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:35 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\CDVIEWER\CdViewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8428 bytes

broni · 2009/05/18

I need that AVZ log.
To attach a file, click on "Manage Attachments" button underneath "Reply" window.
A pop-up window will open. Click on "Browse" button to navigate to a file location, and then click on "Upload" button.

bronskater · 2009/05/18

there isnt anything anywhere on this page that says Manage Attachments or that even says the word attachment, ive tried different links to post replies and still nothing concerning attachments is anywhere to be found.

broni · 2009/05/18

Look at this picture: http://209.85.48.8/228/109/upload/p4364160.gif

bronskater · 2009/05/19

this is all i have:

broni · 2009/05/19

This is weird. You may want to contact administrator about it.

Meanwhile, upload AVZ log here: http://www.filedropper.com/
Post download link for me.

bronskater · 2009/05/19

http://www.filedropper.com/virusinfosyscheck

broni · 2009/05/19

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ( "drive-by-install ") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

Other than that, all clean.
Since your computer had some infections...

1. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Unselect Cookies.
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.

If you use Opera browser
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore ".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. Make sure, Windows Updates are current.

[SIZE= "4"]6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Let me know, how is your computer doing.

bronskater · 2009/05/25

hi sorry for my delayed response, i have a process called 3xhybridRMT.exe that keeps trying to run, still have the iPhone shortcut in MyComputer and my internet still seems to be slow. Ive installed WOT and did the windows update and everything else you have asked.

broni · 2009/05/25

Download, and install AVP Tool.
After installation, leave all settings as they're, and simply click on Scan button.
When scan is done, and any objects are found, click on Neutralize all button.
Next, click Reports... button, then Save to file....
Save the file to know location as report.txt.
Open report.txt in Notepad, copy all content, and post it in your next reply.

NOTE. If the file is very large, please, upload it here: http://www.filedropper.com/
Post download link.

bronskater · 2009/05/25

no threats found:
http://www.filedropper.com/report

broni · 2009/05/25

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

bronskater · 2009/05/25

i see that the 3xhybrid is something for the tv card remote does that mean its not a bad thing? also the iphone is still there, i read somewhere that the AppleMobileDeviceSupport.exe is maybe responsible for that but i disabled that in startup awhile ago and also i was wondering how i can get rid of the ItunesHelper.exe from running all the time.

ComboFix 09-05-25.05 - Chris R 05/25/2009 21:32.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2587 [GMT -5:00]
Running from: c:\documents and settings\Chris R\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 00:57 . 2009-05-26 02:34 7741472 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-26 00:23 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{2D776DC1-C6D7-43EC-9974-B38C57D33612}\mpengine.dll
2009-05-24 23:54 . 2009-05-24 23:54 -------- d-----w c:\program files\WOT
2009-05-24 23:37 . 2009-05-26 00:57 -------- d-----w c:\windows\LastGood
2009-05-24 22:46 . 2009-05-24 22:46 -------- d-sh--w c:\documents and settings\Chris R\IECompatCache
2009-05-22 01:02 . 2009-05-22 01:02 -------- d-sh--w c:\documents and settings\Chris R\PrivacIE
2009-05-21 23:25 . 2009-05-21 23:25 -------- d-sh--w c:\documents and settings\Chris R\IETldCache
2009-05-21 23:12 . 2009-05-21 23:12 -------- d-----w C:\f488d37fe5dc22d4f01a779b76
2009-05-21 23:08 . 2009-05-21 23:08 -------- d-----w c:\windows\ie8updates
2009-05-21 23:08 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-21 23:08 . 2009-05-21 23:08 -------- dc-h--w c:\windows\ie8
2009-05-19 23:10 . 2009-05-11 23:22 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 23:10 . 2009-05-11 23:22 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 23:10 . 2009-05-11 23:22 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 23:10 . 2009-05-11 23:22 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 23:10 . 2009-05-11 23:22 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 23:10 . 2009-05-11 23:22 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 23:10 . 2009-05-11 23:22 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 23:10 . 2009-05-10 14:27 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 23:10 . 2009-05-10 14:27 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-17 10:04 . 2009-05-17 10:04 -------- d-----w c:\documents and settings\Chris R\Application Data\Malwarebytes
2009-05-17 10:04 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 10:03 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 10:03 . 2009-05-17 10:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-17 10:03 . 2009-05-17 10:03 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-17 08:10 . 2009-05-17 09:50 117760 ----a-w c:\documents and settings\Chris R\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-17 08:10 . 2009-05-17 08:10 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-17 08:10 . 2009-05-17 08:10 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-17 08:10 . 2009-05-17 08:10 -------- d-----w c:\documents and settings\Chris R\Application Data\SUPERAntiSpyware.com
2009-05-15 22:24 . 2009-05-11 23:22 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-15 22:24 . 2009-05-11 23:22 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-12 00:16 . 2009-05-12 00:16 10121 ----a-w c:\documents and settings\Chris R\Application Data\AVS4YOU\kern.dll
2009-05-12 00:16 . 2009-05-12 00:16 422 ----a-w c:\documents and settings\Chris R\Application Data\AdobeUM\socks1.exe
2009-05-12 00:16 . 2009-05-12 00:16 16141 ----a-w c:\documents and settings\Chris R\Application Data\Apple Computer\lego.exe
2009-05-12 00:16 . 2009-05-12 00:16 145131 ----a-w c:\documents and settings\Chris R\Application Data\Ahead\nomad.exe
2009-05-12 00:16 . 2009-05-12 00:16 13221 ----a-w c:\documents and settings\Chris R\Application Data\Adobe\rengo.dll
2009-05-12 00:16 . 2009-05-12 00:16 11410 ----a-w c:\documents and settings\Chris R\Application Data\ATI MMC\msgdi.dll
2009-05-12 00:16 . 2009-05-12 00:16 11232 ----a-w c:\documents and settings\Chris R\Application Data\acccore\shalom.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 00:57 . 2009-05-26 00:57 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-26 00:57 . 2007-08-20 23:15 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-21 23:27 . 2006-05-17 23:52 21648 ----a-w c:\documents and settings\Chris R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 22:42 . 2008-10-13 06:33 -------- d-----w c:\program files\iTunes
2009-05-18 00:20 . 2005-01-14 07:52 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-17 22:39 . 2008-12-19 03:40 -------- d-----w c:\program files\trend micro
2009-05-17 08:09 . 2008-06-23 05:20 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-11 23:22 . 2008-06-23 04:19 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-11 23:22 . 2008-06-23 04:19 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-11 23:22 . 2007-06-29 02:51 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-11 23:22 . 2008-06-23 04:19 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-06 18:06 . 2006-06-13 00:59 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-22 21:01 . 2009-04-22 21:01 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-19 05:46 . 2009-04-19 05:46 -------- d-----w c:\program files\Windows Resource Kits
2009-04-10 04:21 . 2009-04-10 04:21 57344 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-53c7a249-n\Decora-SSE.dll
2009-04-10 04:21 . 2009-04-10 04:21 24064 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3d730fed-n\Decora-D3D.dll
2009-04-10 04:21 . 2009-04-10 04:21 315392 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-338ca1f4-n\jogl.dll
2009-04-10 04:21 . 2009-04-10 04:21 20480 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-338ca1f4-n\jogl_awt.dll
2009-04-10 04:21 . 2009-04-10 04:21 20480 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-547cf855-n\gluegen-rt.dll
2009-04-10 04:21 . 2009-04-10 04:21 114688 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-338ca1f4-n\jogl_cg.dll
2009-04-10 04:21 . 2009-04-10 04:21 499712 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-191d2da3-n\msvcp71.dll
2009-04-10 04:21 . 2009-04-10 04:21 499712 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-191d2da3-n\jmc.dll
2009-04-10 04:21 . 2009-04-10 04:21 348160 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-191d2da3-n\msvcr71.dll
2009-04-10 04:21 . 2009-04-10 04:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-10 04:21 . 2006-05-29 10:29 -------- d-----w c:\program files\Java
2009-04-10 04:20 . 2009-04-10 04:20 152576 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-30 01:07 . 2006-05-17 23:53 -------- d-----w c:\documents and settings\Chris R\Application Data\ATI MMC
2009-03-30 01:07 . 2006-05-17 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\ATI MMC
2009-03-08 09:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2008-12-12 13:23 . 2008-10-02 05:02 144 --sha-w c:\windows\system32\3559006152.dat
.

------- Sigcheck -------

[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect "= "c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-11-01 57344]
"ATI Scheduler "= "c:\program files\ATI Multimedia\MAIN\ATISched.EXE" [2006-11-01 26624]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289 "= "c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-08 344064]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BtcMaestro "= "c:\program files\HP Multimedia Keyboard\KMaestro.exe" [2005-02-21 245760]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"COMODO Firewall Pro "= "c:\program files\Comodo\Firewall\CPF.exe" [2007-08-21 1115728]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"TV Card Remote Control Device Monitor "= "c:\windows\3xHybridRMT.exe" [2008-03-17 466944]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"CTHelper "= "CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp "= "CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2006-12-12 20480]
"BluetoothAuthenticationAgent "= "bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\Chris R\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-31 3450608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-11 23:22 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare\\BearShare.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"%windir%\\system32\\drivers\\svchost.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26860:TCP "= 26860:TCP:BitComet 26860 TCP
"26860:UDP "= 26860:UDP:BitComet 26860 UDP
"86:TCP "= 86:TCP:BroadCam Web Server

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [5/17/2006 7:31 PM 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [5/17/2006 7:31 PM 45056]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/22/2008 11:19 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/22/2008 11:19 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 10:15 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 10:15 PM 298776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 3xHybrid;SAA7130 TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [7/21/2008 7:26 PM 716160]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [5/17/2006 7:31 PM 26752]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [7/21/2008 6:45 PM 279552]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [7/21/2008 6:47 PM 25984]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6/21/2008 11:19 PM 16512]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/17/2008 12:37 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/17/2008 12:37 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [8/15/2008 8:53 PM 23680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IS-KHAB5DRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file://e:\cdviewer\CdViewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1220945662-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F54A762-033B-B561-FAA0-DBF8F61A264D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapnckdeapmpobhhmd "=hex:6a,61,6d,6c,66,69,6c,6f,70,70,6f,64,68,6b,66,6c,6a,6a,
6b,6a,00,00
"habbmledjkgjgfgb "=hex:6a,61,6d,6c,66,69,6c,6f,70,70,6f,64,68,6b,66,6c,6a,6a,
6b,6a,00,ff

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"cd042efbbd7f7af1647644e76e06692b "=hex:c8,28,51,af,b0,29,a3,98,3b,a9,8a,23,4d,
09,f6,b9,c8,28,51,af,b0,29,a3,98,ac,02,e8,23,a0,8f,60,c9,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"bca643cdc5c2726b20d2ecedcc62c59b "=hex:71,3b,04,66,8b,46,0d,96,93,d6,89,62,41,
16,12,a0,71,3b,04,66,8b,46,0d,96,cd,ad,00,12,be,7a,69,7b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"2c81e34222e8052573023a60d06dd016 "=hex:25,da,ec,7e,55,20,c9,26,ad,36,c9,d4,30,
53,fb,f7,25,da,ec,7e,55,20,c9,26,fe,ad,6b,7c,04,97,22,11,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"2582ae41fb52324423be06337561aa48 "=hex:3e,1e,9e,e0,57,5a,93,61,1d,e0,0e,55,2f,
70,2a,cc,3e,1e,9e,e0,57,5a,93,61,4f,b3,66,b8,50,10,eb,2c,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"caaeda5fd7a9ed7697d9686d4b818472 "=hex:cd,44,cd,b9,a6,33,6c,cd,aa,1e,a4,a9,73,
bf,e3,25,cd,44,cd,b9,a6,33,6c,cd,cd,70,0d,6b,dc,bc,85,e0,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"a4a1bcf2cc2b8bc3716b74b2b4522f5d "=hex:50,93,e5,ab,ec,6a,4e,ab,e8,da,cf,f5,35,
cf,53,ed,b0,18,ed,a7,3f,8d,37,a4,14,32,2b,2b,f1,11,ad,ee,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"4d370831d2c43cd13623e232fed27b7b "=hex:31,77,e1,ba,b1,f8,68,02,6e,96,77,7b,7d,
3a,72,69,31,77,e1,ba,b1,f8,68,02,22,52,48,97,cb,9e,df,d4,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"1d68fe701cdea33e477eb204b76f993d "=hex:01,3a,48,fc,e8,04,4a,f1,d9,d1,eb,2c,22,
5e,7d,cb,83,6c,56,8b,a0,85,96,ab,a2,17,bf,45,dc,d8,59,ba,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"1fac81b91d8e3c5aa4b0a51804d844a3 "=hex:51,fa,6e,91,28,9e,14,cc,ba,9d,31,92,ff,
8a,16,da,51,fa,6e,91,28,9e,14,cc,00,75,87,61,b2,dc,39,20,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"f5f62a6129303efb32fbe080bb27835b "=hex:3d,ce,ea,26,2d,45,aa,78,65,ce,ae,78,69,
f3,2c,88,b1,cd,45,5a,a8,c4,f8,b9,3a,2b,12,c6,54,14,c2,ad,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"fd4e2e1a3940b94dceb5a6a021f2e3c6 "=hex:f8,31,0f,a9,5f,a0,ec,fb,19,3d,60,dc,64,
dd,e0,22,e3,0e,66,d5,eb,bc,2f,6b,72,a2,91,0d,01,d2,01,95,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"8a8aec57dd6508a385616fbc86791ec2 "=hex:05,73,21,dd,54,d8,4a,c5,c0,5d,f4,c0,63,
97,dc,f0,fa,ea,66,7f,d4,3b,6b,70,c6,a6,c3,5c,cf,71,f7,55,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(17800)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-05-26 21:36
ComboFix-quarantined-files.txt 2009-05-26 02:36

Pre-Run: 41,518,415,872 bytes free
Post-Run: 41,993,474,048 bytes free

299 --- E O F --- 2009-05-26 00:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:15 PM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\CDVIEWER\CdViewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8102 bytes

broni · 2009/05/25

Definitely, nothing malicious here, but we need to take care of couple of things.

First...
Recovery Console

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named.

---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

At the next prompt, click 'Yes' to run the full ComboFix scan.

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt log in your next reply.

======================================================

When done, you can take care of those other things bothering you.
We need to disable couple of unnecessary startups.

Open HJT, and checkmark:
- O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
- O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
- O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
- O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
- O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
- O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
- O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
Click "Fix checked" button (no actual programs will be removed).

How are things now?

Log in or Sign up

Solved Blue Screen Reboot, Slowed Internet, Iphone Shortcut

bronskater Inactive Thread Starter

Admin. Administrator Administrator Staff

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Blue Screen Reboot, Slowed Internet, Iphone Shortcut

bronskater Inactive Thread Starter

Admin. Administrator Administrator Staff

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

bronskater Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches