
[Active] PC freezes, fonts look altered, programs won't run or crash.

Discussion in 'Malware and Virus Removal Archive' started by R1ck, 2009/07/01.

  1. 2009/07/01
    R1ck

    R1ck Inactive Thread Starter


    I have XP on my PC. The PC will freeze up usually within the first 10-15 mins of reboot. Antivirus programs won't run properly or crash altogether. Some of the fonts or pictures look altered or weird. I can only access my stuff on safe mode. I'm not sure what's going on and what's causing it.

    Thanks

    R1ck
     
    R1ck,
    #1
  2. 2009/07/01
    broni

    broni Moderator Malware Analyst

    Read this post, then post the requested log(s).
     

  4. 2009/07/06
    R1ck

    R1ck Inactive Thread Starter

    DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
    Run by rpicon at 10:08:38.00 on 2009-07-06
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1.#QNAN.1704 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
    C:\Documents and Settings\Rick Picon\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.finance.yahoo.com/
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [PlaxoUpdate] c:\program files\plaxo\3.19.0.16\PlaxoHelper_en.exe -a
    uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PlaxoSysTray] c:\program files\plaxo\3.19.0.16\PlaxoSysTray.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
    mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_08\bin\jusched.exe "
    mRun: [SigmatelSysTrayApp] "c:\windows\stsystra.exe "
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe "
    mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe "
    mRun: [RealTray] "c:\program files\real\realplayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE "
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe "
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe "
    mRun: [Logitech Hardware Abstraction Layer] "c:\windows\KHALMNPR.EXE "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe "
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    dExplorerRun: [Msn] c:\JsPbsc.exe
    dExplorerRun: [MsnHost] c:\JsPbsc.exe
    dExplorerRun: [MsnLoad] c:\JsPbsc.exe
    dExplorerRun: [MsnConvert] c:\JsPbsc.exe
    dExplorerRun: [MsnMessendger] c:\JsPbsc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: advisorservices.com\www
    Trusted Zone: advisorservices.com\www1
    Trusted Zone: advisorservices.com\www2
    Trusted Zone: musicmatch.com\online
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
    DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} - hxxp://www1.skillground.com/cab1830/SkillGround.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220382079052
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220382073177
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli dlorsfl.dll

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: XUL Cache: {319ADFDA-DC8A-499B-B73B-D0C8016E9E49} - c:\documents and settings\rick picon\local settings\application data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
    S0 lafpipqh;lafpipqh; [x]
    S0 yzbuhcvb;yzbuhcvb; [x]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-30 97928]
    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-30 26824]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-30 231704]
    S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-10 3712]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-27 12856]
    S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-27 47640]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-17 34760]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2009-06-10 17:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\93791246
    2009-06-10 17:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13781254
    2009-06-08 15:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Schwab Performance Technologies

    ==================== Find3M ====================

    2006-04-20 11:28 56 ---shr-- c:\windows\system32\0DDFEFD744.sys
    2006-04-20 11:28 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 10:09:36.87 ===============
     
    R1ck,
    #3
  5. 2009/07/06
    R1ck

    R1ck Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 00:00:00
    System Uptime: 2009-07-06 10:01:34 (0 hours ago)

    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 109 GiB total, 64.201 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 7.596 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM (CDFS)
    O: is NetworkDisk (NTFS) - 136 GiB total, 76.715 GiB free.
    P: is NetworkDisk (NTFS) - 136 GiB total, 76.715 GiB free.
    S: is NetworkDisk (NTFS) - 128 GiB total, 85.174 GiB free.
    T: is NetworkDisk (NTFS) - 136 GiB total, 76.715 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1137: 2009-06-30 14:34:18 - System Checkpoint
    RP1138: 2009-06-30 14:34:18 - System Checkpoint
    RP1139: 2009-06-30 14:34:18 - System Checkpoint
    RP1140: 2009-06-30 14:34:19 - System Checkpoint
    RP1141: 2009-06-30 14:34:19 - System Checkpoint
    RP1142: 2009-06-30 14:34:19 - System Checkpoint
    RP1143: 2009-06-30 14:34:19 - System Checkpoint
    RP1144: 2009-06-30 14:34:20 - System Checkpoint
    RP1145: 2009-06-30 14:34:20 - System Checkpoint
    RP1146: 2009-06-30 14:34:20 - System Checkpoint
    RP1147: 2009-06-30 14:34:20 - System Checkpoint
    RP1148: 2009-06-30 14:34:21 - RegRun Virus Scan
    RP1149: 2009-06-30 14:34:21 - RegRun Virus Scan
    RP1150: 2009-06-30 14:34:21 - RegRun Virus Scan
    RP1151: 2009-06-30 14:34:21 - RegRun Virus Scan
    RP1152: 2009-06-30 14:34:21 - System Checkpoint
    RP1153: 2009-06-30 14:34:22 - RegRun Virus Scan
    RP1154: 2009-06-30 14:34:22 - System Checkpoint
    RP1155: 2009-06-30 14:34:22 - System Checkpoint
    RP1156: 2009-06-30 14:34:22 - System Checkpoint
    RP1157: 2009-06-30 14:34:23 - RegRun Virus Scan
    RP1158: 2009-06-30 14:34:23 - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
    RP1159: 2009-06-30 14:34:23 - RegRun Virus Scan
    RP1160: 2009-06-30 14:34:24 - ComboFix created restore point
    RP1161: 2009-06-30 14:34:24 - System Checkpoint
    RP1162: 2009-06-30 14:34:24 - System Checkpoint
    RP1163: 2009-06-30 14:34:25 - System Checkpoint
    RP1164: 2009-06-30 14:34:25 - System Checkpoint
    RP1165: 2009-06-30 14:34:25 - System Checkpoint
    RP1166: 2009-06-30 14:34:25 - System Checkpoint
    RP1167: 2009-06-30 14:34:25 - System Checkpoint
    RP1168: 2009-06-30 14:34:26 - System Checkpoint
    RP1169: 2009-06-30 14:34:26 - System Checkpoint
    RP1170: 2009-06-30 14:34:26 - System Checkpoint
    RP1171: 2009-06-30 14:34:27 - System Checkpoint
    RP1172: 2009-06-30 14:34:27 - System Checkpoint
    RP1173: 2009-06-30 14:34:27 - System Checkpoint
    RP1174: 2009-06-30 14:34:27 - System Checkpoint
    RP1175: 2009-06-30 14:34:28 - RegRun Virus Scan
    RP1176: 2009-06-30 14:34:28 - System Checkpoint
    RP1177: 2009-06-30 14:34:28 - System Checkpoint
    RP1178: 2009-06-30 14:34:29 - System Checkpoint
    RP1179: 2009-06-30 14:34:29 - System Checkpoint
    RP1180: 2009-06-30 14:34:29 - System Checkpoint
    RP1181: 2009-06-30 14:34:30 - System Checkpoint
    RP1182: 2009-06-30 14:34:30 - System Checkpoint
    RP1183: 2009-06-30 14:34:30 - System Checkpoint
    RP1184: 2009-06-30 14:34:31 - System Checkpoint
    RP1185: 2009-06-30 14:34:31 - System Checkpoint
    RP1186: 2009-06-30 14:34:31 - System Checkpoint
    RP1187: 2009-06-30 14:34:31 - System Checkpoint
    RP1188: 2009-06-30 14:34:32 - System Checkpoint
    RP1189: 2009-06-30 14:34:32 - System Checkpoint
    RP1190: 2009-06-30 14:34:32 - System Checkpoint
    RP1191: 2009-06-30 14:34:32 - System Checkpoint
    RP1192: 2009-06-30 14:34:33 - System Checkpoint
    RP1193: 2009-06-30 14:34:33 - System Checkpoint
    RP1194: 2009-06-30 14:34:33 - RegRun Virus Scan
    RP1195: 2009-06-30 14:34:34 - System Checkpoint
    RP1196: 2009-06-30 14:34:34 - System Checkpoint
    RP1197: 2009-06-30 14:34:34 - System Checkpoint
    RP1198: 2009-06-30 14:34:34 - System Checkpoint
    RP1199: 2009-06-30 14:34:35 - System Checkpoint
    RP1200: 2009-06-30 14:34:35 - System Checkpoint
    RP1201: 2009-06-30 14:34:35 - System Checkpoint
    RP1202: 2009-06-30 14:34:35 - System Checkpoint
    RP1203: 2009-06-30 14:34:36 - System Checkpoint
    RP1204: 2009-06-30 14:34:36 - System Checkpoint
    RP1205: 2009-06-30 14:34:36 - System Checkpoint
    RP1206: 2009-06-30 14:34:37 - Installed PortfolioCenter Management Console
    RP1207: 2009-06-30 14:34:37 - Installed PortfolioCenter
    RP1208: 2009-06-30 14:34:37 - System Checkpoint
    RP1209: 2009-06-30 14:34:37 - RegRun Virus Scan
    RP1210: 2009-06-30 14:34:38 - System Checkpoint
    RP1211: 2009-06-30 14:34:38 - System Checkpoint
    RP1212: 2009-06-30 14:34:38 - System Checkpoint
    RP1213: 2009-06-30 14:34:39 - System Checkpoint
    RP1214: 2009-06-30 14:34:39 - System Checkpoint
    RP1215: 2009-06-30 14:34:39 - System Checkpoint
    RP1216: 2009-06-30 14:34:39 - Removed Better Homes and Gardens Home Designer Suite 6.0
    RP1217: 2009-06-30 14:34:39 - System Checkpoint
    RP1218: 2009-06-30 14:34:40 - System Checkpoint
    RP1219: 2009-06-30 14:34:40 - System Checkpoint
    RP1220: 2009-06-30 14:34:40 - RegRun Virus Scan
    RP1221: 2009-06-30 14:34:41 - System Checkpoint
    RP1222: 2009-06-30 14:34:41 - System Checkpoint
    RP1223: 2009-06-30 14:34:42 - System Checkpoint
    RP1224: 2009-06-30 14:34:42 - System Checkpoint
    RP1225: 2009-06-30 14:34:42 - System Checkpoint
    RP1226: 2009-06-30 14:34:42 - System Checkpoint
    RP1227: 2009-06-30 14:34:42 - System Checkpoint

    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========

    2009-07-06 10:02:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NetworkX yzbuhcvb
    2009-07-01 13:51:19, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    2009-07-01 13:44:29, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: yzbuhcvb
    2009-07-01 12:59:33, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    2009-07-01 11:17:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-07-01 11:16:38, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NetworkX sptd yzbuhcvb

    ==== End Of File ===========================
     
    R1ck,
    #4
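    As a defender-side illustration of how the two DDS reports above are read, here is an added Python triage script; it is not DDS, HijackThis or ComboFix code and was not used in this thread. It walks a trimmed excerpt of the posted reports and flags the lines an analyst usually checks first: autostart values whose binary sits in the drive root, several Run values sharing one target, registered components with no file on disk, a non-default LSA notification package, and a fileless driver that also appears in the Service Control Manager 7026 event. The severities and the "scecli only" LSA baseline are this example's own assumptions; the script ranks lines for a human to review and decides nothing by itself.

```python
"""Triage helper for DDS / HijackThis-style autostart reports.

Added example for this thread; it is not DDS, HijackThis or ComboFix code.
It walks a report and flags the lines a malware analyst usually checks first.
It ranks lines for a human to review and decides nothing on its own.
"""
import re
from collections import defaultdict

# Excerpt of the two DDS reports posted above, trimmed to representative lines.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe "
dExplorerRun: [Msn] c:\JsPbsc.exe
dExplorerRun: [MsnHost] c:\JsPbsc.exe
dExplorerRun: [MsnLoad] c:\JsPbsc.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
LSA: Notification Packages = scecli dlorsfl.dll
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
S0 lafpipqh;lafpipqh; [x]
S0 yzbuhcvb;yzbuhcvb; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-30 231704]
2009-07-06 10:02:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NetworkX yzbuhcvb
"""

RUN_RE = re.compile(r"^(?P<key>[umd]\w*Run): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
EXE_RE = re.compile(r'([a-z]:\\[^"]*?\.exe)', re.I)
ROOT_RE = re.compile(r"[a-z]:\\[^\\]+", re.I)          # drive root, no subfolder
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)(?P<missing>\[x\])?")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")
EVT_RE = re.compile(r"\[7026\].*failed to load: (?P<drivers>.+)$")
DEFAULT_LSA = {"scecli"}   # assumption: the only package on a stock XP install
SEVERITY = {"high": 0, "medium": 1, "low": 2}


def triage(text):
    """Return findings as (severity, line_number, line, reason), highest first."""
    findings = []
    run_targets = defaultdict(list)   # lowercased exe path -> [(line_no, value name)]
    missing = {}                      # lowercased service name -> (line_no, line)
    failed = set()                    # driver names from SCM event 7026

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            if exe := EXE_RE.search(m.group("rest")):
                path = exe.group(1).lower()
                run_targets[path].append((no, m.group("name")))
                # Legitimate software almost never autostarts from the drive root.
                if ROOT_RE.fullmatch(path):
                    findings.append(("high", no, line, "autostart points to a binary in the drive root"))
        elif line.endswith("- No File"):
            findings.append(("low", no, line, "orphaned browser object (CLSID registered, no DLL on disk)"))
        elif m := SVC_RE.match(line):
            # DDS prints [x] when the service's binary is not present on disk.
            if m.group("missing") or not m.group("path").strip():
                missing[m.group("name").lower()] = (no, line)
                findings.append(("medium", no, line, "service/driver registered with no file on disk"))
        elif m := LSA_RE.match(line):
            extra = [p for p in m.group("pkgs").split() if p.lower() not in DEFAULT_LSA]
            if extra:
                findings.append(("high", no, line, "non-default LSA notification package(s): " + ", ".join(extra)))
        elif m := EVT_RE.search(line):
            failed.update(d.lower() for d in m.group("drivers").split())

    # Several Run values pointing at one binary is a persistence pattern worth a look.
    for path, refs in run_targets.items():
        if len(refs) > 1:
            nos = ", ".join(str(n) for n, _ in refs)
            findings.append(("medium", refs[0][0], path, f"{len(refs)} Run values (lines {nos}) share the same target"))

    # Cross-reference: a driver with no file on disk that the SCM also reports as failing to load.
    for name, (no, line) in missing.items():
        if name in failed:
            findings.append(("high", no, line, "fileless driver entry also listed in SCM event 7026 as failing to load"))

    findings.sort(key=lambda f: (SEVERITY[f[0]], f[1]))
    return findings


if __name__ == "__main__":
    for sev, no, line, reason in triage(SAMPLE_LOG):
        print(f"[{sev:>6}] line {no:>2}: {reason}\n         {line}")
```

    Run it against a full DDS or HijackThis text file by reading the file into `triage()`; the heuristics are deliberately generic, so every "high" line still needs a human to confirm what the file is before any removal step is taken.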
  6. 2009/07/06
    R1ck

    R1ck Inactive Thread Starter

    It seems like every time a program runs, I get the pop-up message box telling me that it has encountered a problem and it needs to shut down. Do you want to report the problem?
     
    R1ck,
    #5
  7. 2009/07/06
    broni

    broni Moderator Malware Analyst

    Don't worry about it for now. There is some infection present.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.
     
  8. 2009/07/07
    R1ck

    R1ck Inactive Thread Starter

    PC is having a hard time running in safe mode and won't run ComboFix, but I got HijackThis.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:31, on 2009-07-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
    C:\Documents and Settings\Rick Picon\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finance.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe "
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1830/SkillGround.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} (UrlDownloader Class) - https://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1220382079052
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1220382073177
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
    O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} (LASDetectX Control) - https://www.laserapp.com/dev/detect/lavdetect.ocx
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O17 - HKLM\Software\..\Telephony: DomainName = aribaglb.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aribaglb.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
    R1ck,
    #7
  9. 2009/07/07
    broni

    This is an outdated HJT version.
    Next time...
    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator

    ==================================================================

    Delete the Combofix you just downloaded.
    Download it from HERE, and follow the same instructions to run it.
  10. 2009/07/07
    R1ck

    New log from HijackThis (newer version):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:19, on 2009-07-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe "
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\DTGIA.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\DTGIA.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnLoad] c:\DTGIA.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnConvert] c:\DTGIA.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\DTGIA.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\DTGIA.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1830/SkillGround.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} (UrlDownloader Class) - https://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1220382079052
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1220382073177
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
    O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} (LASDetectX Control) - https://www.laserapp.com/dev/detect/lavdetect.ocx
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O17 - HKLM\Software\..\Telephony: DomainName = aribaglb.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aribaglb.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 11839 bytes
     
    R1ck,
    #9
  11. 2009/07/07
    broni

    What about Combofix?
     
  12. 2009/07/07
    R1ck

    Here's ComboFix... it took longer to run.

    ComboFix 09-07-07.07 - rpicon 2009-07-07 15:35.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1614 [GMT -4:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\random.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DEL.bat
    c:\documents and settings\All Users\Application Data\93791246.ini
    c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}
    c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome.manifest
    c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome\content\_cfg.js
    c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome\content\c.js
    c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome\content\overlay.xul
    c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\install.rdf
    C:\V3W2Ju.exe
    c:\windows\Installer\e1fe224.msp
    c:\windows\Installer\e1fe225.msp
    c:\windows\system32\drivers\UACjdvqubrncfrqyhbvh.sys
    c:\windows\system32\msxml71.dll
    c:\windows\system32\UACfctaagyilociipqcg.dll
    c:\windows\system32\uacinit.dll
    c:\windows\system32\UACkfjedipiluxvcibgm.log
    c:\windows\system32\UACneqwwooqukhtyaftw.dll
    c:\windows\system32\UACqmfnthxkjsbyahdbb.dll
    c:\windows\system32\UACsgolfafuaygdfbqjt.dll
    c:\windows\system32\UACuhujggvltghmoerxf.dat
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    c:\windows\Tasks\At58.job
    c:\windows\Tasks\At59.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At60.job
    c:\windows\Tasks\At61.job
    c:\windows\Tasks\At62.job
    c:\windows\Tasks\At63.job
    c:\windows\Tasks\At64.job
    c:\windows\Tasks\At65.job
    c:\windows\Tasks\At66.job
    c:\windows\Tasks\At67.job
    c:\windows\Tasks\At68.job
    c:\windows\Tasks\At69.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At70.job
    c:\windows\Tasks\At71.job
    c:\windows\Tasks\At72.job
    c:\windows\Tasks\At73.job
    c:\windows\Tasks\At74.job
    c:\windows\Tasks\At75.job
    c:\windows\Tasks\At76.job
    c:\windows\Tasks\At77.job
    c:\windows\Tasks\At78.job
    c:\windows\Tasks\At79.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At80.job
    c:\windows\Tasks\At81.job
    c:\windows\Tasks\At82.job
    c:\windows\Tasks\At83.job
    c:\windows\Tasks\At84.job
    c:\windows\Tasks\At85.job
    c:\windows\Tasks\At86.job
    c:\windows\Tasks\At87.job
    c:\windows\Tasks\At88.job
    c:\windows\Tasks\At89.job
    c:\windows\Tasks\At9.job
    c:\windows\Tasks\At90.job
    c:\windows\Tasks\At91.job
    c:\windows\Tasks\At92.job
    c:\windows\Tasks\At93.job
    c:\windows\Tasks\At94.job
    c:\windows\Tasks\At95.job
    c:\windows\Tasks\At96.job
    C:\Zx5R.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys


    ((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
    .

    2009-07-07 16:03 . 2009-07-07 16:03 6998 ----a-w- C:\xEkjtM.bat
    2009-07-07 16:03 . 2009-07-07 16:03 256 ----a-w- C:\MjvNDt.bat
    2009-07-07 15:55 . 2009-07-07 15:55 6998 ----a-w- C:\MOw7Vw.bat
    2009-07-07 15:55 . 2009-07-07 15:55 248 ----a-w- C:\imsCBZY.bat
    2009-07-01 17:50 . 2008-12-22 19:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2009-06-29 16:05 . 2009-06-29 16:05 6998 ----a-w- C:\yZ2iXm.bat
    2009-06-29 16:05 . 2009-06-29 16:05 256 ----a-w- C:\bUA.bat
    2009-06-29 15:58 . 2009-06-29 15:58 6998 ----a-w- C:\L3r.bat
    2009-06-29 15:58 . 2009-06-29 15:58 274 ----a-w- C:\rtHbD6s.bat
    2009-06-29 15:35 . 2009-06-29 15:35 6998 ----a-w- C:\umqhLicp.bat
    2009-06-29 15:35 . 2009-06-29 15:35 238 ----a-w- C:\EDdKN.bat
    2009-06-29 15:20 . 2009-06-29 15:20 6998 ----a-w- C:\HqeT.bat
    2009-06-29 15:20 . 2009-06-29 15:20 238 ----a-w- C:\RShDj.bat
    2009-06-27 15:07 . 2009-06-27 15:07 6998 ----a-w- C:\MF3d.bat
    2009-06-27 15:07 . 2009-06-27 15:07 234 ----a-w- C:\oR3hEE.bat
    2009-06-26 21:22 . 2009-06-26 21:22 6998 ----a-w- C:\QY4.bat
    2009-06-26 21:22 . 2009-06-26 21:22 249 ----a-w- C:\dezF.bat
    2009-06-26 21:06 . 2009-06-26 21:06 6998 ----a-w- C:\vUzvaWg.bat
    2009-06-26 21:06 . 2009-06-26 21:06 255 ----a-w- C:\zqz7Y.bat
    2009-06-26 21:00 . 2009-06-26 21:00 6998 ----a-w- C:\wfzB3X.bat
    2009-06-26 21:00 . 2009-06-26 21:00 275 ----a-w- C:\nA9Aow1.bat
    2009-06-26 20:54 . 2009-06-26 20:54 6998 ----a-w- C:\jqSx.bat
    2009-06-26 20:54 . 2009-06-26 20:54 253 ----a-w- C:\oGD1dc.bat
    2009-06-26 20:39 . 2009-06-26 20:39 6998 ----a-w- C:\aI1O.bat
    2009-06-26 20:39 . 2009-06-26 20:39 233 ----a-w- C:\YfDuIl7.bat
    2009-06-26 20:32 . 2009-06-26 20:32 6998 ----a-w- C:\koRJVVim.bat
    2009-06-26 20:32 . 2009-06-26 20:32 241 ----a-w- C:\HnSd.bat
    2009-06-26 20:27 . 2009-06-26 20:27 6998 ----a-w- C:\eOLbd4s.bat
    2009-06-26 20:27 . 2009-06-26 20:27 248 ----a-w- C:\mH7xy.bat
    2009-06-26 20:19 . 2009-06-26 20:19 6998 ----a-w- C:\RUyy.bat
    2009-06-26 20:19 . 2009-06-26 20:19 261 ----a-w- C:\emq.bat
    2009-06-26 20:09 . 2009-06-26 20:09 6998 ----a-w- C:\MaH8uA.bat
    2009-06-26 20:09 . 2009-06-26 20:09 258 ----a-w- C:\oXf4XG9.bat
    2009-06-26 20:06 . 2009-06-26 20:06 6998 ----a-w- C:\wYTk.bat
    2009-06-26 20:06 . 2009-06-26 20:06 244 ----a-w- C:\qEX.bat
    2009-06-26 20:03 . 2009-06-26 20:03 6998 ----a-w- C:\EcDQ9a.bat
    2009-06-26 20:03 . 2009-06-26 20:03 266 ----a-w- C:\leT0.bat
    2009-06-26 20:01 . 2009-06-26 20:01 6998 ----a-w- C:\Jz5.bat
    2009-06-26 20:01 . 2009-06-26 20:01 250 ----a-w- C:\CFM.bat
    2009-06-26 19:57 . 2009-06-26 19:57 6998 ----a-w- C:\lzxi.bat
    2009-06-26 19:57 . 2009-06-26 19:57 275 ----a-w- C:\EixHV.bat
    2009-06-26 19:34 . 2009-06-26 19:34 6998 ----a-w- C:\kTLkS.bat
    2009-06-26 19:34 . 2009-06-26 19:34 240 ----a-w- C:\dAeFjHq.bat
    2009-06-26 19:22 . 2009-06-26 19:22 6998 ----a-w- C:\uOHd.bat
    2009-06-26 19:22 . 2009-06-26 19:22 240 ----a-w- C:\Oa6D.bat
    2009-06-26 19:02 . 2009-06-26 19:02 6998 ----a-w- C:\YtU4qH.bat
    2009-06-26 19:02 . 2009-06-26 19:02 267 ----a-w- C:\IgLKnwT.bat
    2009-06-26 18:45 . 2009-06-26 18:45 6998 ----a-w- C:\NqYcQQ.bat
    2009-06-26 18:45 . 2009-06-26 18:45 274 ----a-w- C:\hZYU.bat
    2009-06-26 18:29 . 2009-06-26 18:29 6998 ----a-w- C:\hsDNe.bat
    2009-06-26 18:29 . 2009-06-26 18:29 273 ----a-w- C:\HRwRVSG.bat
    2009-06-26 18:08 . 2009-06-26 18:08 6998 ----a-w- C:\Bepht8J6.bat
    2009-06-26 18:08 . 2009-06-26 18:08 256 ----a-w- C:\eaISlyX.bat
    2009-06-26 18:01 . 2009-06-26 18:01 6998 ----a-w- C:\gpzOj2.bat
    2009-06-26 18:01 . 2009-06-26 18:01 264 ----a-w- C:\zqJKlgd.bat
    2009-06-26 17:22 . 2009-06-26 17:22 6998 ----a-w- C:\NE51wH.bat
    2009-06-26 17:22 . 2009-06-26 17:22 247 ----a-w- C:\bd1KSv.bat
    2009-06-26 16:36 . 2009-06-26 16:36 6998 ----a-w- C:\ICjs3k.bat
    2009-06-26 16:36 . 2009-06-26 16:36 248 ----a-w- C:\rBDE1PuI.bat
    2009-06-26 16:34 . 2009-06-26 16:34 6998 ----a-w- C:\MY6oPCw.bat
    2009-06-26 16:34 . 2009-06-26 16:34 276 ----a-w- C:\Yhcq.bat
    2009-06-26 16:23 . 2009-06-26 16:23 6998 ----a-w- C:\PshX.bat
    2009-06-26 16:23 . 2009-06-26 16:23 239 ----a-w- C:\ZgxVSK.bat
    2009-06-26 16:16 . 2009-06-26 16:16 6998 ----a-w- C:\YdL.bat
    2009-06-26 16:16 . 2009-06-26 16:16 245 ----a-w- C:\ugOssOe7.bat
    2009-06-26 16:07 . 2009-06-26 16:07 6998 ----a-w- C:\eMm4sHl.bat
    2009-06-26 16:07 . 2009-06-26 16:07 254 ----a-w- C:\GdG.bat
    2009-06-26 16:04 . 2009-06-26 16:04 6998 ----a-w- C:\OPVxM1Fv.bat
    2009-06-26 16:04 . 2009-06-26 16:04 271 ----a-w- C:\RZEIw.bat
    2009-06-26 16:01 . 2009-06-26 16:01 6998 ----a-w- C:\zJ1jOna8.bat
    2009-06-26 16:01 . 2009-06-26 16:01 266 ----a-w- C:\tkZnn.bat
    2009-06-26 15:50 . 2009-06-26 15:50 6998 ----a-w- C:\udnE.bat
    2009-06-26 15:50 . 2009-06-26 15:50 273 ----a-w- C:\iALIqwOH.bat
    2009-06-26 15:47 . 2009-06-26 15:47 6998 ----a-w- C:\ANgs.bat
    2009-06-26 15:47 . 2009-06-26 15:47 264 ----a-w- C:\Dcx8.bat
    2009-06-25 22:09 . 2009-06-25 22:09 6998 ----a-w- C:\THJTB5f3.bat
    2009-06-25 22:09 . 2009-06-25 22:09 236 ----a-w- C:\NnG.bat
    2009-06-25 21:52 . 2009-06-25 21:52 6998 ----a-w- C:\AHCF4b.bat
    2009-06-25 21:52 . 2009-06-25 21:52 242 ----a-w- C:\IBksNM.bat
    2009-06-25 21:39 . 2009-06-25 21:39 6998 ----a-w- C:\EfgY.bat
    2009-06-25 21:39 . 2009-06-25 21:39 274 ----a-w- C:\IV8KGs9.bat
    2009-06-24 18:18 . 2009-06-24 18:18 6998 ----a-w- C:\cVPgyj.bat
    2009-06-24 18:18 . 2009-06-24 18:18 267 ----a-w- C:\XWP.bat
    2009-06-22 23:40 . 2009-06-22 23:40 6998 ----a-w- C:\S4pj4.bat
    2009-06-22 23:40 . 2009-06-22 23:40 259 ----a-w- C:\CcN0PH.bat
    2009-06-22 23:39 . 2009-06-22 23:39 6998 ----a-w- C:\tG1JEq.bat
    2009-06-22 23:39 . 2009-06-22 23:39 231 ----a-w- C:\XCLgB7S.bat
    2009-06-22 23:32 . 2009-06-22 23:32 6998 ----a-w- C:\qHG5cvEw.bat
    2009-06-22 23:32 . 2009-06-22 23:32 273 ----a-w- C:\xZOCTdq.bat
    2009-06-22 23:29 . 2009-06-22 23:29 6998 ----a-w- C:\m0m.bat
    2009-06-22 23:29 . 2009-06-22 23:29 243 ----a-w- C:\SwKy.bat
    2009-06-22 23:07 . 2009-06-22 23:07 6998 ----a-w- C:\pubAxry.bat
    2009-06-22 23:07 . 2009-06-22 23:07 232 ----a-w- C:\ntIgpf0.bat
    2009-06-22 22:59 . 2009-06-22 22:59 6998 ----a-w- C:\t5UA.bat
    2009-06-22 22:59 . 2009-06-22 22:59 239 ----a-w- C:\vt7OiQ.bat
    2009-06-22 22:51 . 2009-06-22 22:51 6998 ----a-w- C:\B5A.bat
    2009-06-22 22:51 . 2009-06-22 22:51 233 ----a-w- C:\IS5.bat
    2009-06-22 22:47 . 2009-06-22 22:47 6998 ----a-w- C:\j4EFvY.bat
    2009-06-22 22:47 . 2009-06-22 22:47 257 ----a-w- C:\SRBFSefH.bat
    2009-06-22 22:42 . 2009-06-22 22:42 6998 ----a-w- C:\maldKyfc.bat
    2009-06-22 22:42 . 2009-06-22 22:42 272 ----a-w- C:\vBChyy7V.bat
    2009-06-22 22:29 . 2009-06-22 22:29 6998 ----a-w- C:\PH3LlFsl.bat
    2009-06-22 22:29 . 2009-06-22 22:29 269 ----a-w- C:\VWwo5.bat
    2009-06-22 22:24 . 2009-06-22 22:24 6998 ----a-w- C:\QkEA8.bat
    2009-06-22 22:24 . 2009-06-22 22:24 229 ----a-w- C:\gpfauvKP.bat
    2009-06-22 22:03 . 2009-06-22 22:03 6998 ----a-w- C:\VTK2.bat
    2009-06-22 22:03 . 2009-06-22 22:03 237 ----a-w- C:\Kf08qiY.bat
    2009-06-22 21:58 . 2009-06-22 21:58 6998 ----a-w- C:\lXJqq.bat
    2009-06-22 21:58 . 2009-06-22 21:58 252 ----a-w- C:\mXHd3NbE.bat
    2009-06-22 21:55 . 2009-06-22 21:55 6998 ----a-w- C:\PHgsR.bat
    2009-06-22 21:55 . 2009-06-22 21:55 266 ----a-w- C:\bcDB.bat
    2009-06-22 21:36 . 2009-06-22 21:36 6998 ----a-w- C:\KTLsj.bat
    2009-06-22 21:36 . 2009-06-22 21:36 256 ----a-w- C:\uv9SlG5L.bat
    2009-06-22 21:27 . 2009-06-22 21:27 6998 ----a-w- C:\W9NOTkZ.bat
    2009-06-22 21:27 . 2009-06-22 21:27 272 ----a-w- C:\PCj3dkbU.bat
    2009-06-22 21:15 . 2009-06-22 21:15 6998 ----a-w- C:\ouP.bat
    2009-06-22 21:15 . 2009-06-22 21:15 233 ----a-w- C:\P3L0.bat
    2009-06-22 21:08 . 2009-06-22 21:08 6998 ----a-w- C:\HSVCvcl7.bat
    2009-06-22 21:08 . 2009-06-22 21:08 229 ----a-w- C:\rc9.bat
    2009-06-22 21:01 . 2009-06-22 21:01 6998 ----a-w- C:\YlF6.bat
    2009-06-22 21:01 . 2009-06-22 21:01 274 ----a-w- C:\vRBA0.bat
    2009-06-22 20:59 . 2009-06-22 20:59 6998 ----a-w- C:\g7jxBn.bat
    2009-06-22 20:59 . 2009-06-22 20:59 232 ----a-w- C:\irB.bat
    2009-06-22 20:47 . 2009-06-22 20:47 6998 ----a-w- C:\KUNRBfu1.bat
    2009-06-22 20:47 . 2009-06-22 20:47 258 ----a-w- C:\dU1IZ.bat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-07 19:46 . 2006-05-08 18:17 -------- d-----w- c:\program files\Plaxo
    2009-07-07 19:19 . 2006-12-29 16:30 -------- d-----w- c:\program files\Trend Micro
    2009-07-07 15:02 . 2008-07-31 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-07 14:58 . 2006-11-03 17:35 -------- d-----w- c:\program files\LogMeIn
    2009-07-07 14:44 . 2006-04-11 15:30 -------- d-----w- c:\program files\Network Assistant
    2009-07-06 16:18 . 2008-05-08 18:26 -------- d-----w- c:\program files\SmartDraw 2008
    2009-07-01 17:50 . 2009-02-17 17:40 2 --shatr- c:\windows\winstart.bat
    2009-07-01 17:50 . 2009-02-17 17:39 -------- d-----w- c:\program files\UnHackMe
    2009-07-01 17:49 . 2008-07-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-22 17:05 . 2009-04-24 20:15 258 ----a-w- C:\ngY.bat
    2009-06-08 20:42 . 2008-02-12 19:49 -------- d-----w- c:\program files\PokerStars.NET
    2009-06-08 19:05 . 2006-03-07 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-08 18:54 . 2006-03-31 18:32 -------- d-----w- c:\program files\Schwab Performance Technologies
    2009-06-01 22:09 . 2009-06-01 22:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-06-01 22:09 . 2009-04-23 14:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-01 22:08 . 2009-06-01 22:08 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-06-01 22:02 . 2009-06-01 22:02 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-06-01 22:02 . 2009-06-01 22:02 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-06-01 00:04 . 2009-06-01 00:04 6998 ----a-w- C:\Z6qmt.bat
    2009-06-01 00:04 . 2009-06-01 00:04 275 ----a-w- C:\y3pCH.bat
    2009-05-28 15:42 . 2009-05-28 15:42 6998 ----a-w- C:\V6lQa8.bat
    2009-05-28 15:42 . 2009-05-28 15:42 256 ----a-w- C:\qLL.bat
    2009-05-28 15:29 . 2009-05-28 15:29 6998 ----a-w- C:\eAO89EPG.bat
    2009-05-28 15:29 . 2009-05-28 15:29 245 ----a-w- C:\rCvYguTN.bat
    2009-05-28 15:03 . 2009-05-28 15:03 6998 ----a-w- C:\aE4fB.bat
    2009-05-28 15:03 . 2009-05-28 15:03 261 ----a-w- C:\MMUx5.bat
    2009-05-28 14:54 . 2009-05-28 14:54 6998 ----a-w- C:\YZc.bat
    2009-05-28 14:54 . 2009-05-28 14:54 262 ----a-w- C:\kb4X2uFY.bat
    2009-05-27 21:44 . 2009-05-27 21:44 6998 ----a-w- C:\hDa.bat
    2009-05-27 21:44 . 2009-05-27 21:44 265 ----a-w- C:\a3N6V9x.bat
    2009-05-27 21:30 . 2009-05-27 21:30 6998 ----a-w- C:\V3x2sGC4.bat
    2009-05-27 21:30 . 2009-05-27 21:30 247 ----a-w- C:\QPdQowz.bat
    2009-05-27 21:24 . 2009-05-27 21:24 6998 ----a-w- C:\xYE.bat
    2009-05-27 21:24 . 2009-05-27 21:24 251 ----a-w- C:\WjZi1yTa.bat
    2009-05-27 21:11 . 2009-05-27 21:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-05-27 21:09 . 2009-05-27 21:09 6998 ----a-w- C:\vKDV.bat
    2009-05-27 21:09 . 2009-05-27 21:09 270 ----a-w- C:\I13pBWX.bat
    2009-05-27 21:08 . 2009-05-27 21:08 6998 ----a-w- C:\CgHmJWL.bat
    2009-05-27 21:08 . 2009-05-27 21:08 234 ----a-w- C:\Nyv.bat
    2009-05-27 21:06 . 2009-05-27 21:06 6998 ----a-w- C:\kI1lXYQl.bat
    2009-05-27 21:06 . 2009-05-27 21:06 243 ----a-w- C:\dw1yw.bat
    2009-05-27 20:59 . 2009-05-27 20:59 6998 ----a-w- C:\K1UsWz.bat
    2009-05-27 20:59 . 2009-05-27 20:59 276 ----a-w- C:\jaNz0.bat
    2009-05-27 20:46 . 2009-05-27 20:46 6998 ----a-w- C:\wLrf.bat
    2009-05-27 20:46 . 2009-05-27 20:46 258 ----a-w- C:\Nkm.bat
    2009-05-27 20:42 . 2009-05-27 20:42 6998 ----a-w- C:\VM31W.bat
    2009-05-27 20:42 . 2009-05-27 20:42 261 ----a-w- C:\dfFfKDP.bat
    2009-05-27 20:37 . 2009-05-27 20:37 6998 ----a-w- C:\ztw.bat
    2009-05-27 20:37 . 2009-05-27 20:37 263 ----a-w- C:\DJDbwokh.bat
    2009-05-27 20:26 . 2009-05-27 20:26 6998 ----a-w- C:\r6BlrlXa.bat
    2009-05-27 20:26 . 2009-05-27 20:26 254 ----a-w- C:\esnLV2IP.bat
    2009-05-27 20:09 . 2009-05-27 20:09 6998 ----a-w- C:\lzU.bat
    2009-05-27 20:09 . 2009-05-27 20:09 259 ----a-w- C:\ZwoJr6AT.bat
    2009-05-27 20:07 . 2009-05-27 20:07 6998 ----a-w- C:\P4D.bat
    2009-05-27 20:07 . 2009-05-27 20:07 242 ----a-w- C:\zvGI.bat
    2009-05-27 19:56 . 2009-05-27 19:56 6998 ----a-w- C:\wQpa5.bat
    2009-05-27 19:56 . 2009-05-27 19:56 264 ----a-w- C:\H67TgySt.bat
    2009-05-27 19:43 . 2009-05-27 19:43 6998 ----a-w- C:\oOJD.bat
    2009-05-27 19:43 . 2009-05-27 19:43 242 ----a-w- C:\q4pb99n.bat
    2009-05-27 19:39 . 2009-05-27 19:39 6998 ----a-w- C:\GAInZVr.bat
    2009-05-27 19:39 . 2009-05-27 19:39 247 ----a-w- C:\Qfvs.bat
    2009-05-27 19:31 . 2009-05-27 19:31 6998 ----a-w- C:\hkit7A.bat
    2009-05-27 19:31 . 2009-05-27 19:31 233 ----a-w- C:\sLgsI3.bat
    2009-05-27 19:15 . 2009-05-27 19:15 6998 ----a-w- C:\UJtipqpV.bat
    2009-05-27 19:15 . 2009-05-27 19:15 259 ----a-w- C:\T1yIrP9m.bat
    2009-05-27 19:09 . 2009-05-27 19:09 6998 ----a-w- C:\ySQP.bat
    2009-05-27 19:09 . 2009-05-27 19:09 260 ----a-w- C:\INP.bat
    2009-05-27 19:05 . 2009-05-27 19:05 6998 ----a-w- C:\Q7o.bat
    2009-05-27 19:05 . 2009-05-27 19:05 234 ----a-w- C:\v5MYPLf.bat
    2009-05-27 19:03 . 2009-05-27 19:03 6998 ----a-w- C:\zYEt.bat
    2009-05-27 19:03 . 2009-05-27 19:03 240 ----a-w- C:\PWGhGNAx.bat
    2009-05-27 19:00 . 2009-05-27 19:00 6998 ----a-w- C:\IU3cUHUW.bat
    2009-05-27 19:00 . 2009-05-27 19:00 249 ----a-w- C:\RSILNZ.bat
    2009-05-27 18:58 . 2009-05-27 18:58 6998 ----a-w- C:\oIk1L3.bat
    2009-05-27 18:58 . 2009-05-27 18:58 255 ----a-w- C:\w0HLv.bat
    2009-05-27 18:56 . 2009-05-27 18:56 6998 ----a-w- C:\UoG6mM.bat
    2009-05-27 18:56 . 2009-05-27 18:56 256 ----a-w- C:\I4bt0lvQ.bat
    2009-05-27 18:37 . 2009-05-27 18:37 6998 ----a-w- C:\aP2Q.bat
    2009-05-27 18:37 . 2009-05-27 18:37 235 ----a-w- C:\EBo8BIaC.bat
    2009-05-27 18:23 . 2009-05-27 18:23 6998 ----a-w- C:\Z482x0FK.bat
    2009-05-27 18:23 . 2009-05-27 18:23 262 ----a-w- C:\WcC.bat
    2009-05-27 18:22 . 2009-05-27 18:22 6998 ----a-w- C:\ygsn.bat
    2009-05-27 18:22 . 2009-05-27 18:22 232 ----a-w- C:\tbj.bat
    2009-05-27 18:17 . 2009-05-27 18:17 6998 ----a-w- C:\Z5OS2WqW.bat
    2009-05-27 18:17 . 2009-05-27 18:17 271 ----a-w- C:\Gld5V.bat
    2009-05-27 18:08 . 2009-05-27 18:08 6998 ----a-w- C:\L5DZfSVe.bat
    2009-05-27 18:08 . 2009-05-27 18:08 271 ----a-w- C:\b0bybXv6.bat
    2009-05-27 17:50 . 2009-05-27 17:50 6998 ----a-w- C:\Jfvis.bat
    2009-05-27 17:50 . 2009-05-27 17:50 269 ----a-w- C:\cRmo.bat
    2009-05-27 17:49 . 2009-05-27 17:49 6998 ----a-w- C:\wZElj.bat
    2009-05-27 17:49 . 2009-05-27 17:49 260 ----a-w- C:\T8PX6y.bat
    2009-05-27 17:47 . 2009-05-27 17:47 6998 ----a-w- C:\R6IxZS.bat
    2009-05-27 17:47 . 2009-05-27 17:47 263 ----a-w- C:\YIZatxR.bat
    2009-05-27 17:44 . 2009-05-27 17:44 6998 ----a-w- C:\TrN18f.bat
    2009-05-27 17:44 . 2009-05-27 17:44 272 ----a-w- C:\jv89VUe.bat
    2009-05-27 17:20 . 2009-05-27 17:20 6998 ----a-w- C:\E9Ozos6.bat
    2009-05-27 17:20 . 2009-05-27 17:20 273 ----a-w- C:\GRbp4ad.bat
    2009-05-27 17:19 . 2009-05-27 17:19 6998 ----a-w- C:\Njx.bat
    2009-05-27 17:19 . 2009-05-27 17:19 272 ----a-w- C:\Yb0qXB.bat
    2009-05-27 17:08 . 2009-05-27 17:08 6998 ----a-w- C:\Q1pZS5.bat
    2006-04-20 15:28 . 2006-04-17 18:07 56 --sh--r- c:\windows\system32\0DDFEFD744.sys
    2006-04-20 15:28 . 2006-04-17 18:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-04-23_19.23.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-09-08 05:03 . 2005-09-08 05:03 86728 c:\windows\system32\msxml6r.dll
    + 2008-05-20 18:54 . 2009-05-07 19:44 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2009-05-04 21:51 . 2009-05-04 21:51 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
    + 2009-04-22 21:49 . 2009-05-04 21:51 64160 c:\windows\system32\drivers\Lbd.sys
    - 2009-04-22 21:49 . 2009-03-09 19:06 64160 c:\windows\system32\drivers\Lbd.sys
    + 2004-08-11 23:00 . 2004-08-04 11:00 42496 c:\windows\system32\dllcache\ftp.exe
    + 2006-03-31 17:48 . 2009-07-07 17:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2006-03-31 17:48 . 2009-04-23 19:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2006-03-31 17:48 . 2009-04-23 19:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-03-31 17:48 . 2009-07-07 17:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-03-31 17:48 . 2009-04-23 19:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2006-03-31 17:48 . 2009-07-07 17:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-11-21 13:21 . 2008-11-21 13:21 32256 c:\windows\system32\_regtlb.dll
    - 2002-01-23 16:41 . 2002-01-23 16:41 32256 c:\windows\system32\_regtlb.dll
    + 2006-03-07 13:06 . 2006-03-07 13:06 72704 c:\windows\Installer\ff41.msi
    + 2007-02-08 15:37 . 2007-02-08 15:37 29696 c:\windows\Installer\eb18a32.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 48128 c:\windows\Installer\e1fd56a.msi
    + 2006-11-16 16:22 . 2006-11-16 16:22 94208 c:\windows\Installer\6e9ba01.msi
    + 2009-06-08 18:54 . 2009-06-08 18:54 45056 c:\windows\Installer\{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}\NewShortcut2_DD4D0CB203144FEE9081D319301A6CD0.exe
    + 2009-06-08 18:54 . 2009-06-08 18:54 45056 c:\windows\Installer\{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}\ARPPRODUCTICON.exe
    + 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\PortfolioCenter_34298AB85BEA4A7CAFC4CF479F04CE67.exe
    + 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\NewShortcut8_BEA64D43F7F94E849C0625FA4E0770D5.exe
    + 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\NewShortcut3_56D22B1281B44246B86FC43C35F01F63.exe
    + 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\NewShortcut1_5C5D265EA91F453496C034DB53FC982B.exe
    + 2009-06-08 19:05 . 2009-06-08 19:05 4150 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\PortfolioCenterSec_A4B51298F6FE450B820CDD53FCFD3308.exe
    + 2009-06-08 19:05 . 2009-06-08 19:05 3638 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\ARPPRODUCTICON.exe
    + 2007-06-25 14:18 . 2009-03-06 15:05 121856 c:\windows\system32\xmllite.dll
    - 2007-06-25 14:18 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
    + 2009-06-08 19:06 . 2009-03-06 15:05 382933 c:\windows\system32\spool\drivers\w32x86\acpdfui300.dll
    + 2009-06-08 19:06 . 2009-03-06 15:05 430163 c:\windows\system32\spool\drivers\w32x86\acpdf300.dll
    + 2009-06-08 19:06 . 2009-03-06 15:05 382933 c:\windows\system32\spool\drivers\w32x86\3\acpdfui300.dll
    + 2009-06-08 19:06 . 2009-03-06 15:05 430163 c:\windows\system32\spool\drivers\w32x86\3\acpdf300.dll
    + 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
    + 2006-03-07 13:15 . 2006-03-07 13:15 634880 c:\windows\Installer\ffbb.msi
    + 2006-03-07 13:15 . 2006-03-07 13:15 635904 c:\windows\Installer\ffb0.msi
    + 2006-03-07 13:14 . 2006-03-07 13:14 752640 c:\windows\Installer\ff8e.msi
    + 2006-03-07 13:14 . 2006-03-07 13:14 219136 c:\windows\Installer\ff88.msi
    + 2006-03-07 13:12 . 2006-03-07 13:12 285696 c:\windows\Installer\ff7d.msi
    + 2006-03-07 13:07 . 2006-03-07 13:07 194048 c:\windows\Installer\ff50.msi
    + 2006-03-07 13:06 . 2006-03-07 13:06 656896 c:\windows\Installer\ff46.msi
    + 2006-03-07 13:05 . 2006-03-07 13:05 669696 c:\windows\Installer\ff3c.msi
    + 2006-03-07 13:05 . 2006-03-07 13:05 256000 c:\windows\Installer\ff37.msi
    + 2006-03-07 13:04 . 2006-03-07 13:04 398848 c:\windows\Installer\ff15.msi
    + 2006-03-07 13:04 . 2006-03-07 13:04 275968 c:\windows\Installer\ff0f.msi
    + 2007-02-08 15:37 . 2007-02-08 15:37 697856 c:\windows\Installer\eb18a2c.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 501248 c:\windows\Installer\e1fd59d.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 501248 c:\windows\Installer\e1fd585.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 506880 c:\windows\Installer\e1fd57f.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 516608 c:\windows\Installer\e1fd577.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 513024 c:\windows\Installer\e1fd570.msi
    + 2007-06-25 13:53 . 2007-06-25 13:53 501248 c:\windows\Installer\e1fd54d.msi
    + 2006-11-15 08:02 . 2006-11-15 08:02 428544 c:\windows\Installer\85c527a.msi
    + 2004-08-11 23:20 . 2004-08-11 23:20 264704 c:\windows\Installer\8198.msi
    + 2009-03-24 16:44 . 2009-03-24 16:44 810496 c:\windows\Installer\58f0b.msi
    + 2008-07-30 23:58 . 2008-07-30 23:58 337408 c:\windows\Installer\546c4743.msi
    + 2007-06-27 07:06 . 2007-06-27 07:06 470528 c:\windows\Installer\5227cde.msi
    + 2009-06-08 18:54 . 2009-06-08 18:54 406528 c:\windows\Installer\3e32ce02.msi
    + 2009-06-08 18:54 . 2009-06-08 18:54 867328 c:\windows\Installer\3e32cdfe.msi
    + 2007-04-30 16:35 . 2007-04-30 16:35 991744 c:\windows\Installer\3ce73d9a.msi
    + 2006-10-31 08:02 . 2006-10-31 08:02 428544 c:\windows\Installer\3bae09a3.msi
    + 2009-04-22 21:48 . 2009-04-22 21:48 236032 c:\windows\Installer\36b41b.msi
    + 2007-05-17 19:31 . 2007-05-17 19:31 198144 c:\windows\Installer\2bd512fc.msi
    + 2006-10-17 19:56 . 2006-10-17 19:56 187904 c:\windows\Installer\25545152.msi
    + 2007-04-10 16:31 . 2007-04-10 16:31 578048 c:\windows\Installer\1bc4db73.msi
    + 2008-12-01 20:20 . 2008-12-01 20:20 435200 c:\windows\Installer\131a95a6.msi
    + 2008-12-01 20:20 . 2008-12-01 20:20 258560 c:\windows\Installer\131a948f.msi
    + 2008-12-01 20:18 . 2008-12-01 20:18 260096 c:\windows\Installer\131a9481.msi
    + 2008-12-01 20:18 . 2008-12-01 20:18 258560 c:\windows\Installer\131a9470.msi
    + 2006-03-07 13:01 . 2006-03-07 13:01 155136 c:\windows\Installer\1188f.msi
    + 2006-03-07 13:00 . 2006-03-07 13:00 621056 c:\windows\Installer\1188a.msi
    + 2006-05-16 14:48 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\ISScript11.Msi
    + 2007-04-27 21:09 . 2006-06-04 06:30 815104 c:\windows\Downloaded Installations\{3727F9F2-EA5E-4F23-9347-54E3141E8EAA}\Baseball Mogul 2006.msi
    + 2006-03-07 13:01 . 2006-03-07 13:01 169472 c:\windows\Downloaded Installations\{2E0EBC61-88B0-453B-9535-FF97D78018BA}\Qualxserve Service Agreement.msi
    + 2004-08-11 23:00 . 2004-08-04 11:00 1326080 c:\windows\system32\webfldrs.msi
    + 2009-06-08 19:06 . 2009-03-06 15:05 3739648 c:\windows\system32\spool\drivers\w32x86\cdintf300.dll
    + 2005-09-08 05:03 . 2005-09-08 05:03 1330888 c:\windows\system32\msxml6.dll
    + 2006-03-31 17:54 . 2006-03-07 13:00 9946112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
    + 2009-06-08 19:06 . 2009-03-06 15:05 3739648 c:\windows\system32\cdintf300.dll
    + 2005-09-23 11:48 . 2005-09-23 11:48 1886720 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\jsredist.msi
    + 2004-10-19 16:07 . 2004-10-19 16:07 5077504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp
    + 2006-03-07 13:15 . 2006-03-07 13:15 1150464 c:\windows\Installer\ffa0.msi
    + 2006-03-07 13:15 . 2006-03-07 13:15 1144832 c:\windows\Installer\ff9a.msi
    + 2006-03-07 13:15 . 2006-03-07 13:15 1142784 c:\windows\Installer\ff94.msi
    + 2006-03-07 13:09 . 2006-03-07 13:09 4410368 c:\windows\Installer\ff5f.msi
    + 2006-03-07 13:04 . 2006-03-07 13:04 1900032 c:\windows\Installer\ff06.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 1652736 c:\windows\Installer\e1fd597.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 1652736 c:\windows\Installer\e1fd591.msi
    + 2007-06-25 13:54 . 2007-06-25 13:54 1652736 c:\windows\Installer\e1fd58b.msi
    + 2007-06-25 13:53 . 2007-06-25 13:53 1640960 c:\windows\Installer\e1fd560.msi
    + 2007-06-25 13:53 . 2007-06-25 13:53 2022912 c:\windows\Installer\e1fd55a.msi
    + 2007-06-25 13:53 . 2007-06-25 13:53 1713152 c:\windows\Installer\e1fd553.msi
    + 2007-06-25 13:53 . 2007-06-25 13:53 2397184 c:\windows\Installer\e1fd547.msi
    + 2007-05-11 19:20 . 2007-05-11 19:20 3005440 c:\windows\Installer\ce8b27b.msi
    + 2007-05-11 19:18 . 2007-05-11 19:18 7424000 c:\windows\Installer\ce8b1b2.msi
    + 2007-05-11 19:16 . 2007-05-11 19:16 1527808 c:\windows\Installer\ce8af81.msi
    + 2006-03-31 18:30 . 2006-03-31 18:30 1620992 c:\windows\Installer\85f35.msi
    + 2006-12-21 21:35 . 2006-12-21 21:35 1428992 c:\windows\Installer\57a20e7.msi
    + 2006-11-03 17:35 . 2006-11-03 17:35 1171968 c:\windows\Installer\559127e.msi
    + 2007-03-31 02:17 . 2007-03-31 02:17 9589248 c:\windows\Installer\5227d44.msp
    + 2007-04-09 02:32 . 2007-04-09 02:32 5131264 c:\windows\Installer\5227d30.msp
    + 2007-03-31 02:20 . 2007-03-31 02:20 5800960 c:\windows\Installer\5227d1c.msp
    + 2007-03-31 02:21 . 2007-03-31 02:21 3886080 c:\windows\Installer\5227c5b.msp
    + 2007-03-27 20:15 . 2007-03-27 20:15 8395776 c:\windows\Installer\5227c07.msp
    + 2007-03-27 20:14 . 2007-03-27 20:14 5566464 c:\windows\Installer\5227bf2.msp
    + 2004-08-11 23:22 . 2004-08-11 23:22 3443712 c:\windows\Installer\5067.msi
    + 2006-04-27 15:09 . 2006-04-27 15:09 1886208 c:\windows\Installer\4f010.msi
    + 2009-06-08 19:05 . 2009-06-08 19:05 5861376 c:\windows\Installer\3e32d10f.msi
    + 2008-07-31 18:22 . 2008-07-31 18:22 1091072 c:\windows\Installer\3d2dc3.msi
    + 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\3bae09ee.msp
    + 2009-04-22 21:48 . 2009-04-22 21:48 1802240 c:\windows\Installer\36b421.msi
    + 2007-11-02 16:52 . 2007-11-02 16:52 1667072 c:\windows\Installer\2873161f.msi
    + 2006-03-31 18:45 . 2006-03-31 18:45 6885888 c:\windows\Installer\1c835.msi
    + 2006-04-27 15:08 . 2006-04-27 15:08 2109440 c:\windows\Installer\1825f.msi
    + 2006-09-19 19:20 . 2006-09-19 19:20 1510912 c:\windows\Installer\17344e09.msi
    + 2006-03-31 18:08 . 2006-03-31 18:08 5864960 c:\windows\Installer\135d5d.msp
    + 2006-04-18 17:48 . 2006-04-18 17:48 1629184 c:\windows\Installer\12d88e00.msp
    + 2009-02-02 22:07 . 2009-02-02 22:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    + 2006-05-04 15:13 . 2006-05-04 15:13 6995968 c:\windows\Downloaded Installations\{8BB9063D-AC31-428D-8C46-E8ED667C2AE9}\Microsoft ActiveSync 4.0.msi
    + 2006-09-19 19:20 . 2006-11-02 17:14 3333120 c:\windows\Downloaded Installations\{66896DD9-B1F0-41C6-AFBA-29B28A6749B4}\QBFC3.0.msi
    + 2006-05-16 14:48 . 2006-05-08 14:37 9934848 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\iTunes.msi
    + 2007-04-30 16:35 . 2007-04-30 16:35 6981632 c:\windows\Downloaded Installations\{156D71EC-9396-49C9-AD1A-808FFD897912}\Microsoft ActiveSync 4.0.msi
    + 2005-09-23 11:48 . 2005-09-23 11:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
    + 2007-02-08 15:37 . 2007-01-19 18:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
    + 2006-03-07 13:08 . 2006-03-07 13:08 22943232 c:\windows\Installer\ff55.msi
    + 2007-06-25 14:00 . 2007-06-25 14:00 12836352 c:\windows\Installer\e1fde92.msi
    + 2007-03-31 02:22 . 2007-03-31 02:22 10125824 c:\windows\Installer\5227cad.msp
    + 2007-04-22 00:16 . 2007-04-22 00:16 12490752 c:\windows\Installer\5227c99.msp
    + 2007-03-31 02:19 . 2007-03-31 02:19 10893312 c:\windows\Installer\5227c31.msp
    + 2007-03-28 16:12 . 2007-03-28 16:12 10796032 c:\windows\Installer\3ac56.msi
    + 2006-08-09 17:05 . 2006-08-09 17:05 30593024 c:\windows\Installer\21b360a.msi
    + 2004-08-11 23:22 . 2004-08-11 23:22 19204096 c:\windows\Installer\16315.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-08-06 19:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-04-25 3334144]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "PlaxoUpdate"="c:\program files\Plaxo\3.19.0.16\PlaxoHelper_en.exe" [2009-02-09 371271]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "PlaxoSysTray"="c:\program files\Plaxo\3.19.0.16\PlaxoSysTray.exe" [2009-02-09 20480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
    "SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2005-03-23 339968]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-07 26112]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    "Logitech Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2006-05-10 94208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-17 518488]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-3-28 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-10 593920]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 14:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
    "c:\\Program Files\\Network Assistant\\Nassi.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:DCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP"= 3393:TCP:RD-Rick
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-22 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-30 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 231704]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-27 47640]
    S0 lafpipqh;lafpipqh; [x]
    S0 yzbuhcvb;yzbuhcvb; [x]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1003344]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:49]

    2009-07-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 16:46]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    Trusted Zone: advisorservices.com\www
    Trusted Zone: advisorservices.com\www1
    Trusted Zone: advisorservices.com\www2
    Trusted Zone: musicmatch.com\online
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\coh2bzuj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-07 15:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(812)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(864)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\program files\Plaxo\3.19.0.16\plx_hook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\LogMeIn\x86\ramaint.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-07 15:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-07 19:51
    ComboFix2.txt 2009-04-23 19:29
    ComboFix3.txt 2009-01-22 18:42

    Pre-Run: 66,767,564,800 bytes free
    Post-Run: 67,225,214,976 bytes free

    694 --- E O F --- 2007-06-27 07:07
     
  13. 2009/07/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go Start>Run, type in:
    cmd
    Click OK.

    At command prompt, type in:
    del c:\*bat
    Press Enter.

    Close command prompt window.

    ==============================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\0DDFEFD744.sys
    
    
    Folder::
    c:\program files\AskBarDis
    
    Driver::
    lafpipqh
    yzbuhcvb
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
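    Added here as an illustration (not broni's instructions, not ComboFix output and not any tool used in this thread): a Python script that parses lines in the ComboFix "Files Created" format and flags the pattern the `del c:\*bat` step above is aimed at, randomly named .bat files dropped in pairs at the root of C:\ with one recurring file size. The sample lines are copied from the log posted in this thread (with two benign entries mixed in), and every function name is my own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of ComboFix's "Files Created" section.
# Values are copied from the log posted in this thread, plus two benign entries.
SAMPLE_LOG = r"""
2009-07-07 16:03 . 2009-07-07 16:03 6998 ----a-w- C:\xEkjtM.bat
2009-07-07 16:03 . 2009-07-07 16:03 256 ----a-w- C:\MjvNDt.bat
2009-07-07 15:55 . 2009-07-07 15:55 6998 ----a-w- C:\MOw7Vw.bat
2009-07-07 15:55 . 2009-07-07 15:55 248 ----a-w- C:\imsCBZY.bat
2009-07-01 17:50 . 2008-12-22 19:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-06-29 16:05 . 2009-06-29 16:05 6998 ----a-w- C:\yZ2iXm.bat
2009-06-29 16:05 . 2009-06-29 16:05 256 ----a-w- C:\bUA.bat
2009-06-01 22:09 . 2009-04-23 14:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
"""

# One ComboFix file line: <created> . <modified> <size or dashes> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
# A .bat file sitting directly in the root of a drive (no subdirectory).
ROOT_BAT_RE = re.compile(r"^[a-z]:\\[^\\]+\.bat$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    created: str            # "YYYY-MM-DD HH:MM", minute resolution as ComboFix prints it
    modified: str
    size: Optional[int]     # None for directories, which ComboFix prints as dashes
    attrs: str
    path: str


def parse_combofix_lines(text: str) -> list:
    """Parse every line in the ComboFix file-listing format; ignore anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def root_bat_entries(entries: list) -> list:
    """Only the .bat files dropped straight into a drive root."""
    return [e for e in entries if ROOT_BAT_RE.match(e.path)]


def bat_drop_groups(entries: list) -> dict:
    """Root .bat files sharing a creation minute: the 'dropped in pairs' pattern."""
    by_minute = defaultdict(list)
    for e in root_bat_entries(entries):
        by_minute[e.created].append(e.path)
    return {minute: sorted(paths) for minute, paths in by_minute.items() if len(paths) >= 2}


def repeated_sizes(entries: list) -> dict:
    """Byte sizes that recur across root .bat files: one script rewritten under new names."""
    counts = Counter(e.size for e in root_bat_entries(entries) if e.size is not None)
    return {size: n for size, n in counts.items() if n >= 2}


def triage(text: str) -> dict:
    """Summarise a pasted ComboFix file list so the analyst can review before deleting."""
    entries = parse_combofix_lines(text)
    return {
        "parsed": len(entries),
        "root_bat_files": sorted(e.path for e in root_bat_entries(entries)),
        "drop_groups": bat_drop_groups(entries),
        "repeated_sizes": repeated_sizes(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['parsed']} entries parsed, {len(report['root_bat_files'])} root .bat files")
    for minute, paths in sorted(report["drop_groups"].items(), reverse=True):
        print(f"  {minute}: {', '.join(paths)}")
    print("recurring sizes:", report["repeated_sizes"])
```

The script only reports; the list it prints is what to check by eye before a blanket `del`, since a legitimate script at the drive root would be caught by the same wildcard.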
     
  14. 2009/07/08
    R1ck

    R1ck Inactive Thread Starter

    Joined:
    2009/07/01
    Messages:
    17
    Likes Received:
    0
    ComboFix 09-07-07.A9 - rpicon 2009-07-08 13:11.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1469 [GMT -4:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\random.exe
    Command switches used :: c:\documents and settings\Rick Picon\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Resident AV is active


    FILE ::
    "c:\windows\system32\0DDFEFD744.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\AskBarDis
    c:\program files\AskBarDis\bar\bin\askBar.dll
    c:\program files\AskBarDis\bar\bin\askPopStp.dll
    c:\program files\AskBarDis\bar\bin\psvince.dll
    c:\program files\AskBarDis\bar\Cache\0006E2F0.bin
    c:\program files\AskBarDis\bar\Cache\0006E3CB.bin
    c:\program files\AskBarDis\bar\Cache\0006E4D4.bin
    c:\program files\AskBarDis\bar\Cache\0006E551.bin
    c:\program files\AskBarDis\bar\Cache\0006E62C.bin
    c:\program files\AskBarDis\bar\Cache\0006E6D8.bin
    c:\program files\AskBarDis\bar\Cache\0006E765.bin
    c:\program files\AskBarDis\bar\Cache\000A9E23
    c:\program files\AskBarDis\bar\Cache\000AA901
    c:\program files\AskBarDis\bar\Cache\files.ini
    c:\program files\AskBarDis\bar\History\search
    c:\program files\AskBarDis\bar\Settings\config.dat
    c:\program files\AskBarDis\bar\Settings\config.dat.bak
    c:\program files\AskBarDis\bar\Settings\prevcfg.htm
    c:\program files\AskBarDis\unins000.dat
    c:\program files\AskBarDis\unins000.exe
    c:\program files\AskSearch\bin\DefaultSearch.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\0DDFEFD744.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_YZBUHCVB
    -------\Service_lafpipqh
    -------\Service_yzbuhcvb


    ((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
    .

    2009-07-07 16:03 . 2009-07-07 16:03 6998 ----a-w- C:\xEkjtM.bat
    2009-07-07 16:03 . 2009-07-07 16:03 256 ----a-w- C:\MjvNDt.bat
    2009-07-07 15:55 . 2009-07-07 15:55 6998 ----a-w- C:\MOw7Vw.bat
    2009-07-07 15:55 . 2009-07-07 15:55 248 ----a-w- C:\imsCBZY.bat
    2009-07-01 17:50 . 2008-12-22 19:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2009-06-29 16:05 . 2009-06-29 16:05 6998 ----a-w- C:\yZ2iXm.bat
    2009-06-29 16:05 . 2009-06-29 16:05 256 ----a-w- C:\bUA.bat
    2009-06-29 15:58 . 2009-06-29 15:58 6998 ----a-w- C:\L3r.bat
    2009-06-29 15:58 . 2009-06-29 15:58 274 ----a-w- C:\rtHbD6s.bat
    2009-06-29 15:35 . 2009-06-29 15:35 6998 ----a-w- C:\umqhLicp.bat
    2009-06-29 15:35 . 2009-06-29 15:35 238 ----a-w- C:\EDdKN.bat
    2009-06-29 15:20 . 2009-06-29 15:20 6998 ----a-w- C:\HqeT.bat
    2009-06-29 15:20 . 2009-06-29 15:20 238 ----a-w- C:\RShDj.bat
    2009-06-27 15:07 . 2009-06-27 15:07 6998 ----a-w- C:\MF3d.bat
    2009-06-27 15:07 . 2009-06-27 15:07 234 ----a-w- C:\oR3hEE.bat
    2009-06-26 21:22 . 2009-06-26 21:22 6998 ----a-w- C:\QY4.bat
    2009-06-26 21:22 . 2009-06-26 21:22 249 ----a-w- C:\dezF.bat
    2009-06-26 21:06 . 2009-06-26 21:06 6998 ----a-w- C:\vUzvaWg.bat
    2009-06-26 21:06 . 2009-06-26 21:06 255 ----a-w- C:\zqz7Y.bat
    2009-06-26 21:00 . 2009-06-26 21:00 6998 ----a-w- C:\wfzB3X.bat
    2009-06-26 21:00 . 2009-06-26 21:00 275 ----a-w- C:\nA9Aow1.bat
    2009-06-26 20:54 . 2009-06-26 20:54 6998 ----a-w- C:\jqSx.bat
    2009-06-26 20:54 . 2009-06-26 20:54 253 ----a-w- C:\oGD1dc.bat
    2009-06-26 20:39 . 2009-06-26 20:39 6998 ----a-w- C:\aI1O.bat
    2009-06-26 20:39 . 2009-06-26 20:39 233 ----a-w- C:\YfDuIl7.bat
    2009-06-26 20:32 . 2009-06-26 20:32 6998 ----a-w- C:\koRJVVim.bat
    2009-06-26 20:32 . 2009-06-26 20:32 241 ----a-w- C:\HnSd.bat
    2009-06-26 20:27 . 2009-06-26 20:27 6998 ----a-w- C:\eOLbd4s.bat
    2009-06-26 20:27 . 2009-06-26 20:27 248 ----a-w- C:\mH7xy.bat
    2009-06-26 20:19 . 2009-06-26 20:19 6998 ----a-w- C:\RUyy.bat
    2009-06-26 20:19 . 2009-06-26 20:19 261 ----a-w- C:\emq.bat
    2009-06-26 20:09 . 2009-06-26 20:09 6998 ----a-w- C:\MaH8uA.bat
    2009-06-26 20:09 . 2009-06-26 20:09 258 ----a-w- C:\oXf4XG9.bat
    2009-06-26 20:06 . 2009-06-26 20:06 6998 ----a-w- C:\wYTk.bat
    2009-06-26 20:06 . 2009-06-26 20:06 244 ----a-w- C:\qEX.bat
    2009-06-26 20:03 . 2009-06-26 20:03 6998 ----a-w- C:\EcDQ9a.bat
    2009-06-26 20:03 . 2009-06-26 20:03 266 ----a-w- C:\leT0.bat
    2009-06-26 20:01 . 2009-06-26 20:01 6998 ----a-w- C:\Jz5.bat
    2009-06-26 20:01 . 2009-06-26 20:01 250 ----a-w- C:\CFM.bat
    2009-06-26 19:57 . 2009-06-26 19:57 6998 ----a-w- C:\lzxi.bat
    2009-06-26 19:57 . 2009-06-26 19:57 275 ----a-w- C:\EixHV.bat
    2009-06-26 19:34 . 2009-06-26 19:34 6998 ----a-w- C:\kTLkS.bat
    2009-06-26 19:34 . 2009-06-26 19:34 240 ----a-w- C:\dAeFjHq.bat
    2009-06-26 19:22 . 2009-06-26 19:22 6998 ----a-w- C:\uOHd.bat
    2009-06-26 19:22 . 2009-06-26 19:22 240 ----a-w- C:\Oa6D.bat
    2009-06-26 19:02 . 2009-06-26 19:02 6998 ----a-w- C:\YtU4qH.bat
    2009-06-26 19:02 . 2009-06-26 19:02 267 ----a-w- C:\IgLKnwT.bat
    2009-06-26 18:45 . 2009-06-26 18:45 6998 ----a-w- C:\NqYcQQ.bat
    2009-06-26 18:45 . 2009-06-26 18:45 274 ----a-w- C:\hZYU.bat
    2009-06-26 18:29 . 2009-06-26 18:29 6998 ----a-w- C:\hsDNe.bat
    2009-06-26 18:29 . 2009-06-26 18:29 273 ----a-w- C:\HRwRVSG.bat
    2009-06-26 18:08 . 2009-06-26 18:08 6998 ----a-w- C:\Bepht8J6.bat
    2009-06-26 18:08 . 2009-06-26 18:08 256 ----a-w- C:\eaISlyX.bat
    2009-06-26 18:01 . 2009-06-26 18:01 6998 ----a-w- C:\gpzOj2.bat
    2009-06-26 18:01 . 2009-06-26 18:01 264 ----a-w- C:\zqJKlgd.bat
    2009-06-26 17:22 . 2009-06-26 17:22 6998 ----a-w- C:\NE51wH.bat
    2009-06-26 17:22 . 2009-06-26 17:22 247 ----a-w- C:\bd1KSv.bat
    2009-06-26 16:36 . 2009-06-26 16:36 6998 ----a-w- C:\ICjs3k.bat
    2009-06-26 16:36 . 2009-06-26 16:36 248 ----a-w- C:\rBDE1PuI.bat
    2009-06-26 16:34 . 2009-06-26 16:34 6998 ----a-w- C:\MY6oPCw.bat
    2009-06-26 16:34 . 2009-06-26 16:34 276 ----a-w- C:\Yhcq.bat
    2009-06-26 16:23 . 2009-06-26 16:23 6998 ----a-w- C:\PshX.bat
    2009-06-26 16:23 . 2009-06-26 16:23 239 ----a-w- C:\ZgxVSK.bat
    2009-06-26 16:16 . 2009-06-26 16:16 6998 ----a-w- C:\YdL.bat
    2009-06-26 16:16 . 2009-06-26 16:16 245 ----a-w- C:\ugOssOe7.bat
    2009-06-26 16:07 . 2009-06-26 16:07 6998 ----a-w- C:\eMm4sHl.bat
    2009-06-26 16:07 . 2009-06-26 16:07 254 ----a-w- C:\GdG.bat
    2009-06-26 16:04 . 2009-06-26 16:04 6998 ----a-w- C:\OPVxM1Fv.bat
    2009-06-26 16:04 . 2009-06-26 16:04 271 ----a-w- C:\RZEIw.bat
    2009-06-26 16:01 . 2009-06-26 16:01 6998 ----a-w- C:\zJ1jOna8.bat
    2009-06-26 16:01 . 2009-06-26 16:01 266 ----a-w- C:\tkZnn.bat
    2009-06-26 15:50 . 2009-06-26 15:50 6998 ----a-w- C:\udnE.bat
    2009-06-26 15:50 . 2009-06-26 15:50 273 ----a-w- C:\iALIqwOH.bat
    2009-06-26 15:47 . 2009-06-26 15:47 6998 ----a-w- C:\ANgs.bat
    2009-06-26 15:47 . 2009-06-26 15:47 264 ----a-w- C:\Dcx8.bat
    2009-06-25 22:09 . 2009-06-25 22:09 6998 ----a-w- C:\THJTB5f3.bat
    2009-06-25 22:09 . 2009-06-25 22:09 236 ----a-w- C:\NnG.bat
    2009-06-25 21:52 . 2009-06-25 21:52 6998 ----a-w- C:\AHCF4b.bat
    2009-06-25 21:52 . 2009-06-25 21:52 242 ----a-w- C:\IBksNM.bat
    2009-06-25 21:39 . 2009-06-25 21:39 6998 ----a-w- C:\EfgY.bat
    2009-06-25 21:39 . 2009-06-25 21:39 274 ----a-w- C:\IV8KGs9.bat
    2009-06-24 18:18 . 2009-06-24 18:18 6998 ----a-w- C:\cVPgyj.bat
    2009-06-24 18:18 . 2009-06-24 18:18 267 ----a-w- C:\XWP.bat
    2009-06-22 23:40 . 2009-06-22 23:40 6998 ----a-w- C:\S4pj4.bat
    2009-06-22 23:40 . 2009-06-22 23:40 259 ----a-w- C:\CcN0PH.bat
    2009-06-22 23:39 . 2009-06-22 23:39 6998 ----a-w- C:\tG1JEq.bat
    2009-06-22 23:39 . 2009-06-22 23:39 231 ----a-w- C:\XCLgB7S.bat
    2009-06-22 23:32 . 2009-06-22 23:32 6998 ----a-w- C:\qHG5cvEw.bat
    2009-06-22 23:32 . 2009-06-22 23:32 273 ----a-w- C:\xZOCTdq.bat
    2009-06-22 23:29 . 2009-06-22 23:29 6998 ----a-w- C:\m0m.bat
    2009-06-22 23:29 . 2009-06-22 23:29 243 ----a-w- C:\SwKy.bat
    2009-06-22 23:07 . 2009-06-22 23:07 6998 ----a-w- C:\pubAxry.bat
    2009-06-22 23:07 . 2009-06-22 23:07 232 ----a-w- C:\ntIgpf0.bat
    2009-06-22 22:59 . 2009-06-22 22:59 6998 ----a-w- C:\t5UA.bat
    2009-06-22 22:59 . 2009-06-22 22:59 239 ----a-w- C:\vt7OiQ.bat
    2009-06-22 22:51 . 2009-06-22 22:51 6998 ----a-w- C:\B5A.bat
    2009-06-22 22:51 . 2009-06-22 22:51 233 ----a-w- C:\IS5.bat
    2009-06-22 22:47 . 2009-06-22 22:47 6998 ----a-w- C:\j4EFvY.bat
    2009-06-22 22:47 . 2009-06-22 22:47 257 ----a-w- C:\SRBFSefH.bat
    2009-06-22 22:42 . 2009-06-22 22:42 6998 ----a-w- C:\maldKyfc.bat
    2009-06-22 22:42 . 2009-06-22 22:42 272 ----a-w- C:\vBChyy7V.bat
    2009-06-22 22:29 . 2009-06-22 22:29 6998 ----a-w- C:\PH3LlFsl.bat
    2009-06-22 22:29 . 2009-06-22 22:29 269 ----a-w- C:\VWwo5.bat
    2009-06-22 22:24 . 2009-06-22 22:24 6998 ----a-w- C:\QkEA8.bat
    2009-06-22 22:24 . 2009-06-22 22:24 229 ----a-w- C:\gpfauvKP.bat
    2009-06-22 22:03 . 2009-06-22 22:03 6998 ----a-w- C:\VTK2.bat
    2009-06-22 22:03 . 2009-06-22 22:03 237 ----a-w- C:\Kf08qiY.bat
    2009-06-22 21:58 . 2009-06-22 21:58 6998 ----a-w- C:\lXJqq.bat
    2009-06-22 21:58 . 2009-06-22 21:58 252 ----a-w- C:\mXHd3NbE.bat
    2009-06-22 21:55 . 2009-06-22 21:55 6998 ----a-w- C:\PHgsR.bat
    2009-06-22 21:55 . 2009-06-22 21:55 266 ----a-w- C:\bcDB.bat
    2009-06-22 21:36 . 2009-06-22 21:36 6998 ----a-w- C:\KTLsj.bat
    2009-06-22 21:36 . 2009-06-22 21:36 256 ----a-w- C:\uv9SlG5L.bat
    2009-06-22 21:27 . 2009-06-22 21:27 6998 ----a-w- C:\W9NOTkZ.bat
    2009-06-22 21:27 . 2009-06-22 21:27 272 ----a-w- C:\PCj3dkbU.bat
    2009-06-22 21:15 . 2009-06-22 21:15 6998 ----a-w- C:\ouP.bat
    2009-06-22 21:15 . 2009-06-22 21:15 233 ----a-w- C:\P3L0.bat
    2009-06-22 21:08 . 2009-06-22 21:08 6998 ----a-w- C:\HSVCvcl7.bat
    2009-06-22 21:08 . 2009-06-22 21:08 229 ----a-w- C:\rc9.bat
    2009-06-22 21:01 . 2009-06-22 21:01 6998 ----a-w- C:\YlF6.bat
    2009-06-22 21:01 . 2009-06-22 21:01 274 ----a-w- C:\vRBA0.bat
    2009-06-22 20:59 . 2009-06-22 20:59 6998 ----a-w- C:\g7jxBn.bat
    2009-06-22 20:59 . 2009-06-22 20:59 232 ----a-w- C:\irB.bat
    2009-06-22 20:47 . 2009-06-22 20:47 6998 ----a-w- C:\KUNRBfu1.bat
    2009-06-22 20:47 . 2009-06-22 20:47 258 ----a-w- C:\dU1IZ.bat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-08 17:18 . 2006-05-08 18:17 -------- d-----w- c:\program files\Plaxo
    2009-07-08 16:03 . 2008-07-31 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-08 04:59 . 2006-11-03 17:35 -------- d-----w- c:\program files\LogMeIn
    2009-07-07 19:59 . 2006-04-11 15:30 -------- d-----w- c:\program files\Network Assistant
    2009-07-07 19:19 . 2006-12-29 16:30 -------- d-----w- c:\program files\Trend Micro
    2009-07-06 16:18 . 2008-05-08 18:26 -------- d-----w- c:\program files\SmartDraw 2008
    2009-07-01 17:50 . 2009-02-17 17:40 2 --shatr- c:\windows\winstart.bat
    2009-07-01 17:50 . 2009-02-17 17:39 -------- d-----w- c:\program files\UnHackMe
    2009-07-01 17:49 . 2008-07-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-22 17:05 . 2009-04-24 20:15 258 ----a-w- C:\ngY.bat
    2009-06-08 20:42 . 2008-02-12 19:49 -------- d-----w- c:\program files\PokerStars.NET
    2009-06-08 19:05 . 2006-03-07 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-08 18:54 . 2006-03-31 18:32 -------- d-----w- c:\program files\Schwab Performance Technologies
    2009-06-01 22:09 . 2009-06-01 22:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-06-01 22:09 . 2009-04-23 14:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-01 22:08 . 2009-06-01 22:08 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-06-01 22:02 . 2009-06-01 22:02 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-06-01 22:02 . 2009-06-01 22:02 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-06-01 00:04 . 2009-06-01 00:04 6998 ----a-w- C:\Z6qmt.bat
    2009-06-01 00:04 . 2009-06-01 00:04 275 ----a-w- C:\y3pCH.bat
    2009-05-28 15:42 . 2009-05-28 15:42 6998 ----a-w- C:\V6lQa8.bat
    2009-05-28 15:42 . 2009-05-28 15:42 256 ----a-w- C:\qLL.bat
    2009-05-28 15:29 . 2009-05-28 15:29 6998 ----a-w- C:\eAO89EPG.bat
    2009-05-28 15:29 . 2009-05-28 15:29 245 ----a-w- C:\rCvYguTN.bat
    2009-05-28 15:03 . 2009-05-28 15:03 6998 ----a-w- C:\aE4fB.bat
    2009-05-28 15:03 . 2009-05-28 15:03 261 ----a-w- C:\MMUx5.bat
    2009-05-28 14:54 . 2009-05-28 14:54 6998 ----a-w- C:\YZc.bat
    2009-05-28 14:54 . 2009-05-28 14:54 262 ----a-w- C:\kb4X2uFY.bat
    2009-05-27 21:44 . 2009-05-27 21:44 6998 ----a-w- C:\hDa.bat
    2009-05-27 21:44 . 2009-05-27 21:44 265 ----a-w- C:\a3N6V9x.bat
    2009-05-27 21:30 . 2009-05-27 21:30 6998 ----a-w- C:\V3x2sGC4.bat
    2009-05-27 21:30 . 2009-05-27 21:30 247 ----a-w- C:\QPdQowz.bat
    2009-05-27 21:24 . 2009-05-27 21:24 6998 ----a-w- C:\xYE.bat
    2009-05-27 21:24 . 2009-05-27 21:24 251 ----a-w- C:\WjZi1yTa.bat
    2009-05-27 21:11 . 2009-05-27 21:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-05-27 21:09 . 2009-05-27 21:09 6998 ----a-w- C:\vKDV.bat
    2009-05-27 21:09 . 2009-05-27 21:09 270 ----a-w- C:\I13pBWX.bat
    2009-05-27 21:08 . 2009-05-27 21:08 6998 ----a-w- C:\CgHmJWL.bat
    2009-05-27 21:08 . 2009-05-27 21:08 234 ----a-w- C:\Nyv.bat
    2009-05-27 21:06 . 2009-05-27 21:06 6998 ----a-w- C:\kI1lXYQl.bat
    2009-05-27 21:06 . 2009-05-27 21:06 243 ----a-w- C:\dw1yw.bat
    2009-05-27 20:59 . 2009-05-27 20:59 6998 ----a-w- C:\K1UsWz.bat
    2009-05-27 20:59 . 2009-05-27 20:59 276 ----a-w- C:\jaNz0.bat
    2009-05-27 20:46 . 2009-05-27 20:46 6998 ----a-w- C:\wLrf.bat
    2009-05-27 20:46 . 2009-05-27 20:46 258 ----a-w- C:\Nkm.bat
    2009-05-27 20:42 . 2009-05-27 20:42 6998 ----a-w- C:\VM31W.bat
    2009-05-27 20:42 . 2009-05-27 20:42 261 ----a-w- C:\dfFfKDP.bat
    2009-05-27 20:37 . 2009-05-27 20:37 6998 ----a-w- C:\ztw.bat
    2009-05-27 20:37 . 2009-05-27 20:37 263 ----a-w- C:\DJDbwokh.bat
    2009-05-27 20:26 . 2009-05-27 20:26 6998 ----a-w- C:\r6BlrlXa.bat
    2009-05-27 20:26 . 2009-05-27 20:26 254 ----a-w- C:\esnLV2IP.bat
    2009-05-27 20:09 . 2009-05-27 20:09 6998 ----a-w- C:\lzU.bat
    2009-05-27 20:09 . 2009-05-27 20:09 259 ----a-w- C:\ZwoJr6AT.bat
    2009-05-27 20:07 . 2009-05-27 20:07 6998 ----a-w- C:\P4D.bat
    2009-05-27 20:07 . 2009-05-27 20:07 242 ----a-w- C:\zvGI.bat
    2009-05-27 19:56 . 2009-05-27 19:56 6998 ----a-w- C:\wQpa5.bat
    2009-05-27 19:56 . 2009-05-27 19:56 264 ----a-w- C:\H67TgySt.bat
    2009-05-27 19:43 . 2009-05-27 19:43 6998 ----a-w- C:\oOJD.bat
    2009-05-27 19:43 . 2009-05-27 19:43 242 ----a-w- C:\q4pb99n.bat
    2009-05-27 19:39 . 2009-05-27 19:39 6998 ----a-w- C:\GAInZVr.bat
    2009-05-27 19:39 . 2009-05-27 19:39 247 ----a-w- C:\Qfvs.bat
    2009-05-27 19:31 . 2009-05-27 19:31 6998 ----a-w- C:\hkit7A.bat
    2009-05-27 19:31 . 2009-05-27 19:31 233 ----a-w- C:\sLgsI3.bat
    2009-05-27 19:15 . 2009-05-27 19:15 6998 ----a-w- C:\UJtipqpV.bat
    2009-05-27 19:15 . 2009-05-27 19:15 259 ----a-w- C:\T1yIrP9m.bat
    2009-05-27 19:09 . 2009-05-27 19:09 6998 ----a-w- C:\ySQP.bat
    2009-05-27 19:09 . 2009-05-27 19:09 260 ----a-w- C:\INP.bat
    2009-05-27 19:05 . 2009-05-27 19:05 6998 ----a-w- C:\Q7o.bat
    2009-05-27 19:05 . 2009-05-27 19:05 234 ----a-w- C:\v5MYPLf.bat
    2009-05-27 19:03 . 2009-05-27 19:03 6998 ----a-w- C:\zYEt.bat
    2009-05-27 19:03 . 2009-05-27 19:03 240 ----a-w- C:\PWGhGNAx.bat
    2009-05-27 19:00 . 2009-05-27 19:00 6998 ----a-w- C:\IU3cUHUW.bat
    2009-05-27 19:00 . 2009-05-27 19:00 249 ----a-w- C:\RSILNZ.bat
    2009-05-27 18:58 . 2009-05-27 18:58 6998 ----a-w- C:\oIk1L3.bat
    2009-05-27 18:58 . 2009-05-27 18:58 255 ----a-w- C:\w0HLv.bat
    2009-05-27 18:56 . 2009-05-27 18:56 6998 ----a-w- C:\UoG6mM.bat
    2009-05-27 18:56 . 2009-05-27 18:56 256 ----a-w- C:\I4bt0lvQ.bat
    2009-05-27 18:37 . 2009-05-27 18:37 6998 ----a-w- C:\aP2Q.bat
    2009-05-27 18:37 . 2009-05-27 18:37 235 ----a-w- C:\EBo8BIaC.bat
    2009-05-27 18:23 . 2009-05-27 18:23 6998 ----a-w- C:\Z482x0FK.bat
    2009-05-27 18:23 . 2009-05-27 18:23 262 ----a-w- C:\WcC.bat
    2009-05-27 18:22 . 2009-05-27 18:22 6998 ----a-w- C:\ygsn.bat
    2009-05-27 18:22 . 2009-05-27 18:22 232 ----a-w- C:\tbj.bat
    2009-05-27 18:17 . 2009-05-27 18:17 6998 ----a-w- C:\Z5OS2WqW.bat
    2009-05-27 18:17 . 2009-05-27 18:17 271 ----a-w- C:\Gld5V.bat
    2009-05-27 18:08 . 2009-05-27 18:08 6998 ----a-w- C:\L5DZfSVe.bat
    2009-05-27 18:08 . 2009-05-27 18:08 271 ----a-w- C:\b0bybXv6.bat
    2009-05-27 17:50 . 2009-05-27 17:50 6998 ----a-w- C:\Jfvis.bat
    2009-05-27 17:50 . 2009-05-27 17:50 269 ----a-w- C:\cRmo.bat
    2009-05-27 17:49 . 2009-05-27 17:49 6998 ----a-w- C:\wZElj.bat
    2009-05-27 17:49 . 2009-05-27 17:49 260 ----a-w- C:\T8PX6y.bat
    2009-05-27 17:47 . 2009-05-27 17:47 6998 ----a-w- C:\R6IxZS.bat
    2009-05-27 17:47 . 2009-05-27 17:47 263 ----a-w- C:\YIZatxR.bat
    2009-05-27 17:44 . 2009-05-27 17:44 6998 ----a-w- C:\TrN18f.bat
    2009-05-27 17:44 . 2009-05-27 17:44 272 ----a-w- C:\jv89VUe.bat
    2009-05-27 17:20 . 2009-05-27 17:20 6998 ----a-w- C:\E9Ozos6.bat
    2009-05-27 17:20 . 2009-05-27 17:20 273 ----a-w- C:\GRbp4ad.bat
    2009-05-27 17:19 . 2009-05-27 17:19 6998 ----a-w- C:\Njx.bat
    2009-05-27 17:19 . 2009-05-27 17:19 272 ----a-w- C:\Yb0qXB.bat
    2009-05-27 17:08 . 2009-05-27 17:08 6998 ----a-w- C:\Q1pZS5.bat
    2006-04-20 15:28 . 2006-04-17 18:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-04-25 3334144]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "PlaxoUpdate"="c:\program files\Plaxo\3.19.0.16\PlaxoHelper_en.exe" [2009-02-09 371271]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "PlaxoSysTray"="c:\program files\Plaxo\3.19.0.16\PlaxoSysTray.exe" [2009-02-09 20480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
    "SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2005-03-23 339968]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-07 26112]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    "Logitech Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2006-05-10 94208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-17 518488]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-3-28 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-10 593920]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 14:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
    "c:\\Program Files\\Network Assistant\\Nassi.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:DCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP"= 3393:TCP:RD-Rick
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-22 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-30 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 231704]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-27 47640]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1003344]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:49]

    2009-07-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 16:46]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    Trusted Zone: advisorservices.com\www
    Trusted Zone: advisorservices.com\www1
    Trusted Zone: advisorservices.com\www2
    Trusted Zone: musicmatch.com\online
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\coh2bzuj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-08 13:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(812)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(3312)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\program files\Plaxo\3.19.0.16\plx_hook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\LogMeIn\x86\ramaint.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-08 13:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-08 17:22
    ComboFix2.txt 2009-07-07 19:51
    ComboFix3.txt 2009-04-23 19:29
    ComboFix4.txt 2009-01-22 18:42

    Pre-Run: 67,202,015,232 bytes free
    Post-Run: 67,183,960,064 bytes free

    466 --- E O F --- 2007-06-27 07:07
     
  15. 2009/07/08
    R1ck

    R1ck Inactive Thread Starter

    Joined:
    2009/07/01
    Messages:
    17
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:27, on 2009-07-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Rick Picon\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1830/SkillGround.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} (UrlDownloader Class) - https://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1220382079052
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1220382073177
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
    O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} (LASDetectX Control) - https://www.laserapp.com/dev/detect/lavdetect.ocx
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O17 - HKLM\Software\..\Telephony: DomainName = aribaglb.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aribaglb.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 12778 bytes
     
  16. 2009/07/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks to me like you didn't:

    What happened?
     
  17. 2009/07/10
    R1ck

    R1ck Inactive Thread Starter

    Joined:
    2009/07/01
    Messages:
    17
    Likes Received:
    0
    Not sure. I'll try again:

    ComboFix 09-07-09.08 - rpicon 2009-07-10 13:23.5.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1154 [GMT -4:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\random.exe
    Command switches used :: c:\documents and settings\Rick Picon\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Resident AV is active


    FILE ::
    "c:\windows\system32\0DDFEFD744.sys"
    .

    ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
    .

    2009-07-01 17:50 . 2008-12-22 19:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2009-06-10 21:41 . 2009-06-11 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\93791246
    2009-06-10 21:41 . 2009-06-11 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\13781254

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-10 15:02 . 2006-11-03 17:35 -------- d-----w- c:\program files\LogMeIn
    2009-07-09 17:04 . 2008-07-31 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-08 17:33 . 2006-04-11 15:30 -------- d-----w- c:\program files\Network Assistant
    2009-07-08 17:18 . 2006-05-08 18:17 -------- d-----w- c:\program files\Plaxo
    2009-07-07 19:19 . 2006-12-29 16:30 -------- d-----w- c:\program files\Trend Micro
    2009-07-06 16:18 . 2008-05-08 18:26 -------- d-----w- c:\program files\SmartDraw 2008
    2009-07-01 17:50 . 2009-02-17 17:40 2 --shatr- c:\windows\winstart.bat
    2009-07-01 17:50 . 2009-02-17 17:39 -------- d-----w- c:\program files\UnHackMe
    2009-07-01 17:49 . 2008-07-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-08 20:42 . 2008-02-12 19:49 -------- d-----w- c:\program files\PokerStars.NET
    2009-06-08 19:06 . 2009-06-08 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Schwab Performance Technologies
    2009-06-08 19:05 . 2006-03-07 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-08 18:54 . 2006-03-31 18:32 -------- d-----w- c:\program files\Schwab Performance Technologies
    2009-06-01 22:09 . 2009-06-01 22:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-06-01 22:09 . 2009-04-23 14:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-27 21:11 . 2009-05-27 21:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-05-20 19:21 . 2008-06-10 16:30 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\Move Networks
    2009-05-20 19:21 . 2009-05-20 19:21 34061 ----a-w- c:\documents and settings\Rick Picon\Application Data\Move Networks\ie_bin\Uninst.exe
    2009-05-20 19:21 . 2009-05-20 19:21 1050976 ----a-w- c:\documents and settings\Rick Picon\Application Data\Move Networks\MoveMediaPlayer_071302000002.exe
    2009-05-12 17:59 . 2008-02-29 17:41 -------- d-----w- c:\program files\PokerStars
    2009-05-08 15:31 . 2009-05-08 15:31 36200 ----a-w- C:\tlqXyd9.exe
    2009-05-04 21:51 . 2009-05-04 21:51 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-04 21:51 . 2009-04-22 21:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-04-22 20:45 . 2009-04-22 20:45 99912 ----a-w- C:\jGrg.exe
    2009-04-22 16:45 . 2009-04-22 16:45 109 --sha-w- c:\windows\system32\70004699.dat
    2009-04-15 14:37 . 2009-04-13 20:37 408 ----a-w- c:\windows\Hzelivafecu.dat
    2009-04-15 14:37 . 2009-04-13 20:37 0 ----a-w- c:\windows\Edurogavimovu.bin
    2006-04-20 15:28 . 2006-04-17 18:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-04-25 3334144]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "PlaxoUpdate"="c:\program files\Plaxo\3.19.0.16\PlaxoHelper_en.exe" [2009-02-09 371271]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "PlaxoSysTray"="c:\program files\Plaxo\3.19.0.16\PlaxoSysTray.exe" [2009-02-09 20480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
    "SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2005-03-23 339968]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-07 26112]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    "Logitech Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2006-05-10 94208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-08 520024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-3-28 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-10 593920]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 14:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
    "c:\\Program Files\\Network Assistant\\Nassi.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:DCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP"= 3393:TCP:RD-Rick
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-22 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-30 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 231704]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-27 47640]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1029456]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:03]

    2009-07-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 16:46]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    Trusted Zone: advisorservices.com\www
    Trusted Zone: advisorservices.com\www1
    Trusted Zone: advisorservices.com\www2
    Trusted Zone: musicmatch.com\online
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\coh2bzuj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-10 13:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(812)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(2476)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\program files\Network Assistant\HOOKS.DLL
    c:\program files\Plaxo\3.19.0.16\plx_hook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-07-10 13:29
    ComboFix-quarantined-files.txt 2009-07-10 17:29
    ComboFix2.txt 2009-07-08 17:23
    ComboFix3.txt 2009-07-07 19:51
    ComboFix4.txt 2009-04-23 19:29
    ComboFix5.txt 2009-07-10 17:22

    Pre-Run: 67,060,695,040 bytes free
    Post-Run: 67,074,670,592 bytes free

    223 --- E O F --- 2007-06-27 07:07
     
  18. 2009/07/10
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\winstart.bat
    C:\tlqXyd9.exe
    c:\windows\system32\70004699.dat
    c:\windows\Hzelivafecu.dat
    c:\windows\Edurogavimovu.bin
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  19. 2009/07/10
    R1ck

    R1ck Inactive Thread Starter

    ComboFix 09-07-09.08 - rpicon 2009-07-10 17:02.6.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1169 [GMT -4:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\random.exe
    Command switches used :: c:\documents and settings\Rick Picon\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Resident AV is active


    FILE ::
    "C:\tlqXyd9.exe "
    "c:\windows\Edurogavimovu.bin "
    "c:\windows\Hzelivafecu.dat "
    "c:\windows\system32\70004699.dat "
    "c:\windows\winstart.bat "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\tlqXyd9.exe
    c:\windows\Edurogavimovu.bin
    c:\windows\Hzelivafecu.dat
    c:\windows\system32\70004699.dat
    c:\windows\winstart.bat

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
    .

    2009-07-01 17:50 . 2008-12-22 19:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2009-06-10 21:41 . 2009-06-11 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\93791246
    2009-06-10 21:41 . 2009-06-11 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\13781254

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-10 18:05 . 2008-07-31 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-10 15:02 . 2006-11-03 17:35 -------- d-----w- c:\program files\LogMeIn
    2009-07-08 17:33 . 2006-04-11 15:30 -------- d-----w- c:\program files\Network Assistant
    2009-07-08 17:18 . 2006-05-08 18:17 -------- d-----w- c:\program files\Plaxo
    2009-07-07 19:19 . 2006-12-29 16:30 -------- d-----w- c:\program files\Trend Micro
    2009-07-06 16:18 . 2008-05-08 18:26 -------- d-----w- c:\program files\SmartDraw 2008
    2009-07-01 17:50 . 2009-02-17 17:39 -------- d-----w- c:\program files\UnHackMe
    2009-07-01 17:49 . 2008-07-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-08 20:42 . 2008-02-12 19:49 -------- d-----w- c:\program files\PokerStars.NET
    2009-06-08 19:06 . 2009-06-08 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Schwab Performance Technologies
    2009-06-08 19:05 . 2006-03-07 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-08 18:54 . 2006-03-31 18:32 -------- d-----w- c:\program files\Schwab Performance Technologies
    2009-06-01 22:09 . 2009-06-01 22:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-06-01 22:09 . 2009-04-23 14:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-27 21:11 . 2009-05-27 21:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-05-20 19:21 . 2008-06-10 16:30 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\Move Networks
    2009-05-20 19:21 . 2009-05-20 19:21 34061 ----a-w- c:\documents and settings\Rick Picon\Application Data\Move Networks\ie_bin\Uninst.exe
    2009-05-20 19:21 . 2009-05-20 19:21 1050976 ----a-w- c:\documents and settings\Rick Picon\Application Data\Move Networks\MoveMediaPlayer_071302000002.exe
    2009-05-12 17:59 . 2008-02-29 17:41 -------- d-----w- c:\program files\PokerStars
    2009-05-04 21:51 . 2009-05-04 21:51 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-04 21:51 . 2009-04-22 21:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-04-22 20:45 . 2009-04-22 20:45 99912 ----a-w- C:\jGrg.exe
    2006-04-20 15:28 . 2006-04-17 18:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
    [-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-04-25 3334144]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "PlaxoUpdate "= "c:\program files\Plaxo\3.19.0.16\PlaxoHelper_en.exe" [2009-02-09 371271]
    "MsnMsgr "= "c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "PlaxoSysTray "= "c:\program files\Plaxo\3.19.0.16\PlaxoSysTray.exe" [2009-02-09 20480]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
    "SigmatelSysTrayApp "= "c:\windows\stsystra.exe" [2005-03-23 339968]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-07 26112]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
    "IPHSend "= "c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    "Logitech Hardware Abstraction Layer "= "c:\windows\KHALMNPR.EXE" [2006-05-10 94208]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-08 520024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-3-28 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-10 593920]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 14:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe "=
    "c:\\Program Files\\Network Assistant\\Nassi.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe "=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe "=
    "c:\\Program Files\\FrostWire\\FrostWire.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP "= 135:TCP:DCOM
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP "= 3393:TCP:RD-Rick
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-22 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-30 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 231704]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-27 47640]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1029456]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:03]

    2009-07-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 16:46]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    Trusted Zone: advisorservices.com\www
    Trusted Zone: advisorservices.com\www1
    Trusted Zone: advisorservices.com\www2
    Trusted Zone: musicmatch.com\online
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\coh2bzuj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-10 17:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(812)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-07-10 17:08
    ComboFix-quarantined-files.txt 2009-07-10 21:08
    ComboFix2.txt 2009-07-10 17:29
    ComboFix3.txt 2009-07-08 17:23
    ComboFix4.txt 2009-07-07 19:51
    ComboFix5.txt 2009-07-10 21:01

    Pre-Run: 66,859,196,416 bytes free
    Post-Run: 67,063,926,784 bytes free

    222 --- E O F --- 2007-06-27 07:07
     
  20. 2009/07/10
    R1ck

    R1ck Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:36, on 2009-07-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
    C:\Program Files\Network Assistant\Nassi.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe "
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1830/SkillGround.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} (UrlDownloader Class) - https://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1220382079052
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1220382073177
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
    O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} (LASDetectX Control) - https://www.laserapp.com/dev/detect/lavdetect.ocx
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O17 - HKLM\Software\..\Telephony: DomainName = aribaglb.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aribaglb.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 12902 bytes
     
  21. 2009/07/10
    broni

    broni Moderator Malware Analyst

    Well done :)

    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.


    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!


    STEP 3.
    Post fresh HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
