
Solved Unable to update any security software

Discussion in 'Malware and Virus Removal Archive' started by hepl, 2010/03/23.

  1. 2010/03/23
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    [Resolved] Unable to update any security software

    3/19 - I left my PC running with Firefox open and returned 30 minutes later with the computer locked up. I reset the machine and got an error message that ZoneAlarm had experienced an error, that a dump file had been created, and that it would like to send the file to ZoneAlarm. I have used ZA for 10 years and never experienced something like this, so I cancelled the box and looked at the Internet log dir under Windows, and there were 2-3 zip files with the date and the word "dump" in the file name. I immediately suspected a trojan and attempted to update Malwarebytes' and run it. It would not update.

    Over the last couple of days I attempted to update and run Search & Destroy, SAS, and AVG 9.0. None of these programs would update, but SAS (renamed) found a Trojan.Dropper, which I had it remove. I downloaded Loaris Trojan Remover, Spyware Doctor, a-squared, and Hitman Pro 3.5. None of them would update; however, they would scan. Loaris found a backdoor trojan in a Freerip.exe file and I let it delete it. RootRepeal indicates there are two hidden files in my %windir%\system32\drivers directory named dump_atapi.sys and dump_wmilib.sys. Neither of these files is visible, even when showing hidden files. GMER shows a file in my user\local settings\temp dir but with (GMER) after the filename. GMER shows this file is not visible to Windows Explorer as well.

    Windows Update will not update. I have to click on Windows Update 5-6 times for it to even go through, and then it hangs searching for updates for my system. I also had to turn on the BITS service and the Automatic Updates service, which had been turned on prior to this recent problem I am experiencing. I can use my IE browser, but not to Google certain items that include trojan, dropper, virus, or malware in the search field.

    On top of all that, this malware is loading in safe mode, which is making it that much more difficult for me to remove. Any help at this point would be greatly appreciated.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by xx at 19:57:23.52 on Tue 03/23/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.840 [GMT -4:00]

    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    d:\Program Files\a-squared Free\a2service.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    d:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Documents and Settings\Matt\Application Data\U3\3550701B4C133601\LaunchPad.exe
    C:\Documents and Settings\Matt\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    mRun: [Pop-Up Stopper] "d:\progra~1\panicw~1\pop-up~1\dpps2.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoi~1.lnk - d:\program files\logitech\setpoint ii\SetpointII.exe
    IE: &NeoTrace It! - d:\progra~1\neotra~1\NTXcontext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: microsoft.com\www.update
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265267445912
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: WRNotifier - WRLogonNTF.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\oz3ajrnf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#home
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\matt\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\matt\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
    FF - plugin: d:\program files\real alternative\browser\plugins\nppl3260.dll
    FF - plugin: d:\program files\real alternative\browser\plugins\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-22 217032]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-13 29512]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 242696]
    R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
    R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-12-15 394952]
    R2 a2free;a-squared Free Service;d:\program files\a-squared free\a2service.exe [2010-3-21 1858144]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-19 308064]
    R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-22 112592]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-11-19 10384]
    S2 RKASLDVH;RKASLDVH;\??\c:\windows\system32\rkasldvh.fur --> c:\windows\system32\rkasldvh.fur [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\matt\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\matt\locals~1\temp\dx9\SessionLauncher.exe [?]
    S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2010-3-22 366840]
    S3 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2010-3-22 1142224]
    S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]
    S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys --> c:\windows\system32\drivers\tbcwdm.sys [?]
    S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;d:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;d:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
    S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]

    =============== Created Last 30 ================

    2010-03-23 03:58:16 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-03-23 03:58:15 882 ----a-w- c:\windows\RegSDImport.xml
    2010-03-23 03:58:15 879 ----a-w- c:\windows\RegISSImport.xml
    2010-03-23 03:58:15 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-03-23 03:58:15 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-03-23 03:58:15 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-03-23 03:58:15 131 ----a-w- c:\windows\IDB.zip
    2010-03-23 03:58:15 1152444 ----a-w- c:\windows\UDB.zip
    2010-03-23 03:52:18 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2010-03-23 03:52:18 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-03-23 03:52:14 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-03-23 03:52:14 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-03-23 03:52:14 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2010-03-23 03:52:14 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-03-23 03:52:08 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2010-03-23 03:52:08 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-03-23 03:51:57 0 d-----w- c:\docume~1\matt\applic~1\PC Tools
    2010-03-23 03:51:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-03-23 03:46:17 0 d-----w- c:\program files\common files\PC Tools
    2010-03-21 05:43:54 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-03-21 05:43:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-03-21 05:43:14 0 d-----w- c:\program files\Hitman Pro 3.5
    2010-03-20 06:21:50 311296 ----a-w- c:\windows\~DFE2BE.tmp
    2010-03-20 05:50:54 0 ----a-w- c:\documents and settings\matt\ntuser.tmp
    2010-03-19 20:27:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-07 04:54:48 32768 ----a-w- c:\windows\system32\RO846B.tmp
    2010-02-28 17:29:46 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2010-02-28 17:29:36 0 d-----w- c:\program files\NVIDIA Corporation
    2010-02-28 17:28:16 9047 ----a-w- c:\windows\system32\nvinfo.pb
    2010-02-28 17:28:16 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-02-28 17:28:16 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-02-28 17:28:16 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-02-28 17:28:12 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-02-28 17:28:12 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-02-24 00:49:51 0 d--h--w- C:\$AVG
    2010-02-24 00:49:34 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

    ==================== Find3M ====================

    2010-03-20 05:17:59 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-03-19 20:29:59 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-03-19 20:29:43 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-19 20:27:46 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-19 20:27:07 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-12 04:03:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 03:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-12 03:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-12 03:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-12 03:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 03:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-12 03:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll

    ============= FINISH: 19:58:05.59 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/6/2006 9:03:14 AM
    System Uptime: 3/23/2010 7:50:28 PM (0 hours ago)

    Motherboard: Dell Computer Corporation | | Dimension 8100
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2392/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 20 GiB total, 9.407 GiB free.
    D: is FIXED (NTFS) - 23 GiB total, 5.744 GiB free.
    E: is FIXED (NTFS) - 31 GiB total, 11.396 GiB free.
    F: is CDROM (CDFS)
    G: is CDROM ()
    H: is CDROM (CDFS)
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    a-squared Free 4.5
    AC3Filter (remove only)
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player
    Advanced System Optimizer 2
    Apple Software Update
    Auslogics Disk Defrag
    AVG Free 9.0
    AVI/MPEG/RM/WMV Joiner 4.11
    Boilsoft Video Splitter 5.16
    Browser Defender 2.0.6.15
    CCleaner (remove only)
    Combined Community Codec Pack 2008-09-21 16:18
    Critical Update for Windows Media Player 11 (KB959772)
    DirectXInstallService
    DivX
    EMC 10 Content
    erLT
    Exif Launcher Ver.1.1
    ffdshow [rev 2527] [2008-12-19]
    Full Tilt Poker
    G9x User's Guide
    Google Earth
    Hitman Pro 3.5
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    hp deskjet 930c series
    hp deskjet 930c series (Remove only)
    HP Memories Disc
    HP Photo and Imaging 2.2 - Scanjet 8200 Series
    HT OMEGA STRIKER7.1
    Inspection Report Creator
    J2SE Runtime Environment 5.0 Update 4
    Java(TM) 6 Update 7
    LiveReg (Symantec Corporation)
    LiveUpdate 1.6 (Symantec Corporation)
    Loaris Trojan Remover 1.2
    Logitech SetPoint 5.10
    MailWasher Pro
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Premium
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! for Windows XP
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Move Media Player
    Moyea FLV Editor Lite version: 1.0.1.0
    Mozilla Firefox (3.5.8)
    Mp3tag v2.45a
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    NeoTrace Pro 3.25
    Nero 6 Ultra Edition
    Norton SystemWorks 2002
    Norton Utilities 2002 for Windows
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Paint Shop Pro 7
    PhotoScape
    Ping Plotter
    Pop-Up Stopper
    PowerDVD
    PunkBuster Services
    Quake Live Mozilla Plugin
    QuickTime
    Real Alternative 1.9.0
    Revo Uninstaller 1.83
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Disc Gallery
    Roxio Easy Media Creator 10 Suite
    Roxio File Backup
    Roxio MediaShare
    Roxio Update Manager
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Sony Picture Utility
    Sony USB Driver
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    SUPERAntiSpyware Free Edition
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Ventrilo Client
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WinAVI VideoConverter
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    World of Warcraft
    ZoneAlarm Pro

    ==== Event Viewer Messages From Past Week ========

    3/23/2010 12:03:48 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    3/22/2010 11:46:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/20/2010 2:22:52 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/20/2010 2:15:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aspi32 AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL SbcpHid
    3/20/2010 11:37:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/20/2010 11:35:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Aspi32 AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid Tcpip Tcpip6 vsdatant
    3/20/2010 11:35:25 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    3/20/2010 11:35:25 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/20/2010 11:35:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/20/2010 11:35:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/20/2010 11:35:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/20/2010 11:34:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/20/2010 11:34:45 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/20/2010 1:19:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/19/2010 7:06:51 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/19/2010 7:06:46 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
    3/19/2010 7:06:44 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    3/19/2010 7:03:51 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/19/2010 6:07:32 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    3/19/2010 11:52:51 PM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.

    ==== End Of File ===========================
     
    hepl,
    #1
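    The DDS log in the post above already carries the indicators a responder pulls out before running any automated cleaner: two security products reporting on-access scanning disabled and the firewall disabled; a Hosts: entry pointing www.spywareinfo.com at 127.0.0.1 (DDS only lists non-default hosts entries); a service (RKASLDVH) whose image is a .fur file that DDS could not find on disk (the trailing [?]); a service (SessionLauncher) whose image sits under the user's Local Settings\Temp and is likewise missing; and DCOM 10005 events whose quoted "%1058" and "%1084" are plain Win32 error codes. The script below is an added example, not part of the post or of the DDS tool: it parses those line shapes and decodes the error codes. The regular expressions, the function names and the SAMPLE_LOG (constructed from lines of the post) are my assumptions, and the output is a list of things to verify, not a verdict. Names alone settle nothing: dump_atapi.sys and dump_wmilib.sys, for instance, are the names Windows gives the in-memory crash-dump copies of the boot disk driver stack, which RootRepeal routinely reports as hidden, so a hidden-file report on them needs corroboration (hash, signature, timestamp) before it counts as evidence.

```python
"""Triage checks over DDS log lines (added example, not the forum's or DDS's own code)."""
import ntpath
import re

# Win32 error codes quoted as "%NNNN" in DCOM 10005 events (values from winerror.h).
WIN32_ERRORS = {
    1058: "ERROR_SERVICE_DISABLED: the service is set to Disabled in the SCM",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE: the service cannot be started in Safe Mode",
}

NORMAL_IMAGE_EXT = {".exe", ".sys", ".dll"}
# A service image living under a temp or profile directory deserves a look.
SUSPECT_DIR_RE = re.compile(r"\\(?:temp|locals~1|local settings)\\", re.I)

# Line shapes used by DDS (assumed from the log in the post).
SERVICE_RE = re.compile(r"^(?P<type>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
PROTECTION_RE = re.compile(r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*")
DCOM_RE = re.compile(r'DCOM \[10005\] - DCOM got error "%(?P<code>\d+)" '
                     r"attempting to start the service (?P<svc>\S+)")


def parse_services(log_text):
    """Return the SERVICES / DRIVERS entries as dicts with the resolved image path."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith("[?]")            # DDS prints [?] when it cannot stat the image
        rest = re.sub(r"\s\[[^\]]*\]$", "", rest)  # drop trailing [date size] or [?]
        if " --> " in rest:                        # DDS repeats the resolved path after -->
            rest = rest.split(" --> ", 1)[1]
        path = re.sub(r"\s+-\S+$", "", rest)       # drop an argument such as " -service"
        services.append({"type": m.group("type"), "name": m.group("name"),
                         "path": path, "missing": missing})
    return services


def flag_services(services):
    """Return (name, path, reasons) for every service worth a second look."""
    findings = []
    for s in services:
        reasons = []
        ext = ntpath.splitext(s["path"])[1].lower()
        if ext not in NORMAL_IMAGE_EXT:
            reasons.append("non-standard image extension %r" % ext)
        if SUSPECT_DIR_RE.search(s["path"]):
            reasons.append("image under a temp/profile directory")
        if s["missing"]:
            reasons.append("image not present on disk ([?])")
        if reasons:
            findings.append((s["name"], s["path"], reasons))
    return findings


def flag_hosts(log_text):
    """DDS lists only non-default hosts entries; anything but localhost is an override."""
    out = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m and m.group("host").lower() != "localhost":
            out.append((m.group("ip"), m.group("host")))
    return out


def flag_protection(log_text):
    """Return (kind, product, state) for AV/FW products DDS reports as disabled."""
    out = []
    for line in log_text.splitlines():
        m = PROTECTION_RE.match(line.strip())
        if m and "disabled" in m.group("state").lower():
            out.append((m.group("kind"), m.group("name"), m.group("state")))
    return out


def decode_dcom_errors(log_text):
    """Return (service, code, meaning) for each DCOM 10005 service-start failure."""
    return [(m.group("svc"), int(m.group("code")),
             WIN32_ERRORS.get(int(m.group("code")), "unknown Win32 error"))
            for m in DCOM_RE.finditer(log_text)]


def triage(log_text):
    return {
        "protection_disabled": flag_protection(log_text),
        "hosts_overrides": flag_hosts(log_text),
        "suspect_services": flag_services(parse_services(log_text)),
        "dcom_start_failures": decode_dcom_errors(log_text),
    }


# Constructed sample: a handful of lines taken from the DDS log in the post.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
Hosts: 127.0.0.1 www.spywareinfo.com
R2 a2free;a-squared Free Service;d:\program files\a-squared free\a2service.exe [2010-3-21 1858144]
S2 RKASLDVH;RKASLDVH;\??\c:\windows\system32\rkasldvh.fur --> c:\windows\system32\rkasldvh.fur [?]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 SessionLauncher;SessionLauncher;c:\docume~1\matt\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\matt\locals~1\temp\dx9\SessionLauncher.exe [?]
3/20/2010 2:22:52 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/20/2010 11:34:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

    Run against the full log the same way (read the file, pass its text to triage). The 1058 on wuauserv matches the poster's own observation that Automatic Updates had been switched off, and the 1084 errors cluster at the Safe Mode boots on 3/20, where services not in the SafeBoot list are refused; neither code by itself says which component did the disabling.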
  2. 2010/03/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following...


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     


  4. 2010/03/23
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    I was surprised to see that Combofix made some changes to my system that I didn't expect but if it fixes my problem it is worth it.

    ComboFix 10-03-23.03 - xxxx 03/23/2010 23:14:06.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.836 [GMT -4:00]
    Running from: c:\documents and settings\xxxx\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\xxxx\Application Data\CyberDefender
    c:\documents and settings\xxxx\Application Data\CyberDefender\Registry Cleaner\lastresults.cdr
    c:\windows\eSellerateEngine.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))))))
    .

    2010-03-23 04:14 . 2010-03-23 04:14 -------- d-----w- c:\documents and settings\xxxx\Local Settings\Application Data\Threat Expert
    2010-03-23 01:18 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\xxxx\Application Data\U3\temp\cleanup.exe
    2010-03-23 01:17 . 2008-05-02 14:41 3493888 ---ha-w- c:\documents and settings\xxxx\Application Data\U3\temp\Launchpad Removal.exe
    2010-03-23 01:17 . 2010-03-24 03:01 -------- d-----w- c:\documents and settings\xxxx\Application Data\U3
    2010-03-21 05:43 . 2010-03-21 05:43 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-03-21 05:43 . 2010-03-21 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-03-21 05:43 . 2010-03-21 05:43 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-03-19 20:27 . 2010-03-19 20:27 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-03-19 20:27 . 2010-03-19 20:27 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-03-19 20:27 . 2010-03-19 20:27 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-03-19 20:27 . 2010-03-19 20:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-19 20:26 . 2010-02-24 00:49 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-03-19 20:26 . 2010-02-24 00:49 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-03-19 20:26 . 2010-02-24 00:49 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-03-19 20:26 . 2010-02-24 00:49 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-02-28 17:29 . 2010-02-28 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-02-28 17:29 . 2010-02-28 17:30 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-02-28 17:28 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-02-28 17:28 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-02-28 17:28 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-02-28 17:28 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-02-28 17:28 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-02-24 00:56 . 2010-02-24 00:49 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-02-24 00:56 . 2010-02-24 00:49 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
    2010-02-24 00:49 . 2010-02-24 00:52 -------- d-----w- C:\$AVG
    2010-02-24 00:49 . 2010-02-24 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-24 03:08 . 2005-01-06 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-24 03:06 . 2007-06-15 22:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-23 03:58 . 2010-03-23 03:46 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-03-23 03:51 . 2010-03-23 03:51 -------- d-----w- c:\documents and settings\xxxx\Application Data\PC Tools
    2010-03-23 03:51 . 2010-03-23 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-03-21 15:40 . 2009-02-26 01:46 -------- d-----w- c:\documents and settings\xxxx\Application Data\SoundSpectrum
    2010-03-21 15:38 . 2009-02-26 01:45 -------- d-----w- c:\program files\SoundSpectrum
    2010-03-21 15:38 . 2009-06-05 00:35 -------- d-----w- c:\documents and settings\xxxx\Application Data\Amazon
    2010-03-20 06:21 . 2010-03-20 06:21 311296 ----a-w- c:\windows\~DFE2BE.tmp
    2010-03-20 05:50 . 2010-03-20 05:50 0 ----a-w- c:\documents and settings\xxxx\ntuser.tmp
    2010-03-20 05:17 . 2005-01-06 04:48 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-03-19 20:29 . 2009-09-25 01:14 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-03-19 20:29 . 2009-10-04 02:36 371776 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2010-03-19 20:29 . 2009-10-04 02:36 187456 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2010-03-19 20:29 . 2009-09-25 00:58 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-19 20:29 . 2009-10-04 02:36 887856 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2010-03-19 20:29 . 2009-10-04 02:36 57344 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\pb\pbag.dll
    2010-03-19 20:29 . 2009-10-04 02:36 2427968 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2010-03-19 20:27 . 2009-02-13 18:15 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-19 20:27 . 2009-02-13 18:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-19 20:27 . 2009-02-13 18:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-10 15:36 . 2010-03-23 03:52 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-03-01 03:00 . 2005-01-06 02:49 79816 ----a-w- c:\documents and settings\xxxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-24 07:24 . 2009-11-13 17:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-02-24 00:49 . 2008-09-04 00:29 -------- d-----w- c:\program files\AVG
    2010-02-19 22:12 . 2005-01-06 03:43 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-19 21:38 . 2010-02-19 21:38 -------- d-----w- c:\program files\HT OMEGA STRIKER7.1
    2010-02-05 13:25 . 2010-03-23 03:52 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-02-05 13:17 . 2010-03-23 03:52 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-01-22 13:56 . 2010-03-23 03:58 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-01-22 13:56 . 2010-03-23 03:58 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-01-22 13:56 . 2010-03-23 03:58 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-01-22 13:55 . 2010-03-23 03:58 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-01-12 04:03 . 2007-12-05 05:41 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-12 04:03 . 2005-10-11 01:49 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 04:03 . 2005-01-06 02:55 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-01-12 04:03 . 2005-01-05 21:27 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-12 04:03 . 2005-01-05 21:27 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-12 04:03 . 2004-10-29 21:50 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-12 04:03 . 2004-10-29 21:50 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-12 04:03 . 2004-10-29 21:50 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-01-07 21:07 . 2009-08-30 04:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07 . 2009-08-30 04:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2004-08-12 13:30 353792 ------w- c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pop-Up Stopper"="d:\progra~1\PANICW~1\POP-UP~1\dpps2.exe" [2001-08-11 716800]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SetPointII.lnk - d:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 17:41 294912 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-19 20:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-01-07 04:27 1657448 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "W32Time"=2 (0x2)
    "ALG"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "RSVP"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "Browser"=2 (0x2)
    "ERSvc"=2 (0x2)
    "helpsvc"=3 (0x3)
    "Netlogon"=3 (0x3)
    "RemoteRegistry"=2 (0x2)
    "wuauserv"=2 (0x2)
    "NVSvc"=2 (0x2)
    "RoxWatch10"=2 (0x2)
    "RoxMediaDB10"=3 (0x3)
    "Roxio Upnp Server 10"=2 (0x2)
    "Roxio UPnP Renderer 10"=3 (0x3)
    "UPS"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "6to4"=2 (0x2)
    "HTTPFilter"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "TrkWks"=2 (0x2)
    "BITS"=3 (0x3)
    "aspnet_state"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/13/2009 1:19 PM 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/22/2010 11:52 PM 217032]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/13/2009 2:15 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/13/2009 2:15 PM 242696]
    R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
    R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
    R2 a2free;a-squared Free Service;d:\program files\a-squared Free\a2service.exe [3/21/2010 1:41 AM 1858144]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/19/2010 4:27 PM 308064]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/19/2009 8:23 PM 10384]
    S2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/22/2010 11:58 PM 112592]
    S2 RKASLDVH;RKASLDVH;\??\c:\windows\system32\rkasldvh.fur --> c:\windows\system32\rkasldvh.fur [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [3/22/2010 11:51 PM 366840]
    S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]
    S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys --> c:\windows\system32\drivers\tbcwdm.sys [?]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;d:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;d:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: microsoft.com\www.update
    FF - ProfilePath - c:\documents and settings\xxxx\Application Data\Mozilla\Firefox\Profiles\oz3ajrnf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#home
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\xxxx\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\xxxx\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\Real Alternative\browser\plugins\nppl3260.dll
    FF - plugin: d:\program files\Real Alternative\browser\plugins\nprpjplug.dll
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CmPCIaudio - CMICNFG3.cpl



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-23 23:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RKASLDVH]
    "ImagePath"="\??\c:\windows\system32\rkasldvh.fur"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    d:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2010-03-23 23:21:18
    ComboFix-quarantined-files.txt 2010-03-24 03:21

    Pre-Run: 10,380,472,320 bytes free
    Post-Run: 10,359,910,400 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - F8DC899CAA8F202E0A697314779E2825



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:09 PM, on 3/23/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    D:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\cidaemon.exe
    d:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - d:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - d:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265267445912
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - d:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6221 bytes
     
    hepl,
    #3
  5. 2010/03/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\rkasldvh.fur
    
    
    Folder::
    
    Driver::
    RKASLDVH
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000000
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RKASLDVH]
    
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
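The entries broni's CFScript acts on are the ones an analyst picks out of the ComboFix report above by eye: the Security Center override values set to 1, product monitoring disabled, the Windows Firewall profile turned off, and an auto-start service (S2) whose image has an extension no driver should have and which the scanner could not verify. The following Python script is an added example, not part of this thread or of ComboFix itself, that performs that triage over a report text. The report excerpt embedded in it is constructed from lines shown in the thread (with the forum's stray spaces removed); the finding categories and the checks are this example's own choices.

```python
"""Triage a ComboFix report for the entry types acted on in this thread.

Added example, not part of the thread or of ComboFix.  The report excerpt
below is constructed from lines shown earlier in the thread; the finding
categories are this example's own naming.
"""
import re
from dataclasses import dataclass

# Extensions a legitimate Windows XP service/driver image normally carries.
KNOWN_IMAGE_EXTS = {".sys", ".exe", ".dll"}
# Lower-case path fragments that mark a temporary directory.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

# Constructed excerpt: registry loading points and service lines in the
# format ComboFix prints.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/13/2009 1:19 PM 64160]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/19/2010 4:27 PM 308064]
S2 RKASLDVH;RKASLDVH;\??\c:\windows\system32\rkasldvh.fur --> c:\windows\system32\rkasldvh.fur [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]
"""

REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# "<start> <name>;<description>;<image> [<timestamp size>]" service lines
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")


@dataclass
class Finding:
    kind: str     # short category label
    subject: str  # service name or registry value name
    detail: str   # human-readable reason


def _resolved_image(rest: str) -> str:
    """ComboFix prints 'raw ImagePath --> resolved path'; keep the resolved one."""
    return rest.split("-->")[-1].strip()


def _extension(path: str) -> str:
    fname = path.rsplit("\\", 1)[-1]
    return fname[fname.rfind("."):] if "." in fname else ""


def triage(report: str) -> list:
    """Return a list of Finding objects for the suspicious entries in report."""
    findings = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue

        m = REG_VAL_RE.match(line)
        if m and current_key:
            name, value = m.group(1), m.group(2).strip().lower()
            if "security center" in current_key and name in ("AntiVirusOverride", "FirewallOverride") and value == "dword:00000001":
                findings.append(Finding("security-center-override", name, "Security Center told not to alert on " + name))
            elif "security center" in current_key and name == "DisableMonitoring" and value == "dword:00000001":
                findings.append(Finding("monitoring-disabled", name, "product monitoring disabled under " + current_key))
            elif "firewallpolicy" in current_key and name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("host-firewall-off", name, "Windows Firewall profile disabled"))
            continue

        m = SVC_RE.match(line)
        if m:
            start, name, _desc, rest, stamp = m.groups()
            path = _resolved_image(rest).lower()
            if stamp.strip() == "?":
                # ComboFix prints [?] when it could not read the image file
                findings.append(Finding("unverified-image", name, f"{start} entry; scanner could not verify {path}"))
            ext = _extension(path)
            if ext not in KNOWN_IMAGE_EXTS:
                findings.append(Finding("odd-extension", name, f"image {path} has extension '{ext or '(none)'}'"))
            if any(marker in path for marker in TEMP_MARKERS):
                findings.append(Finding("temp-location", name, f"image runs from a temporary directory: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

The script flags rather than decides: tbcspud comes out as unverified only because an uninstalled sound-card driver leaves a dangling service entry, and the analyst left it alone, while RKASLDVH is hit twice (unverified image and a .fur extension on an auto-start driver) and, together with the override and monitoring values, is what went into the CFScript.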
     
  6. 2010/03/24
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    ComboFix 10-03-23.03 - xxxx 03/24/2010 20:56:05.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.846 [GMT -4:00]
    Running from: c:\documents and settings\xxxx\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\xxxx\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    FILE ::
    "c:\windows\system32\rkasldvh.fur"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RKASLDVH


    ((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
    .

    2010-03-23 04:14 . 2010-03-23 04:14 -------- d-----w- c:\documents and settings\xxxx\Local Settings\Application Data\Threat Expert
    2010-03-23 01:18 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\xxxx\Application Data\U3\temp\cleanup.exe
    2010-03-23 01:17 . 2008-05-02 14:41 3493888 ---ha-w- c:\documents and settings\xxxx\Application Data\U3\temp\Launchpad Removal.exe
    2010-03-23 01:17 . 2010-03-24 03:01 -------- d-----w- c:\documents and settings\xxxx\Application Data\U3
    2010-03-21 05:43 . 2010-03-21 05:43 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-03-21 05:43 . 2010-03-21 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-03-21 05:43 . 2010-03-21 05:43 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-03-19 20:27 . 2010-03-19 20:27 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-03-19 20:27 . 2010-03-19 20:27 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-03-19 20:27 . 2010-03-19 20:27 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-03-19 20:27 . 2010-03-19 20:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-19 20:26 . 2010-02-24 00:49 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-03-19 20:26 . 2010-02-24 00:49 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-03-19 20:26 . 2010-02-24 00:49 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-03-19 20:26 . 2010-02-24 00:49 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-02-28 17:29 . 2010-02-28 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-02-28 17:29 . 2010-02-28 17:30 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-02-28 17:28 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-02-28 17:28 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-02-28 17:28 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-02-28 17:28 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-02-28 17:28 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-02-24 00:56 . 2010-02-24 00:49 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-02-24 00:56 . 2010-02-24 00:49 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
    2010-02-24 00:49 . 2010-02-24 00:52 -------- d-----w- C:\$AVG
    2010-02-24 00:49 . 2010-02-24 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-25 01:02 . 2007-06-15 22:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-24 03:08 . 2005-01-06 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-23 03:58 . 2010-03-23 03:46 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-03-23 03:51 . 2010-03-23 03:51 -------- d-----w- c:\documents and settings\xxxx\Application Data\PC Tools
    2010-03-23 03:51 . 2010-03-23 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-03-21 15:40 . 2009-02-26 01:46 -------- d-----w- c:\documents and settings\xxxx\Application Data\SoundSpectrum
    2010-03-21 15:38 . 2009-02-26 01:45 -------- d-----w- c:\program files\SoundSpectrum
    2010-03-21 15:38 . 2009-06-05 00:35 -------- d-----w- c:\documents and settings\xxxx\Application Data\Amazon
    2010-03-20 06:21 . 2010-03-20 06:21 311296 ----a-w- c:\windows\~DFE2BE.tmp
    2010-03-20 05:50 . 2010-03-20 05:50 0 ----a-w- c:\documents and settings\xxxx\ntuser.tmp
    2010-03-20 05:17 . 2005-01-06 04:48 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-03-19 20:29 . 2009-09-25 01:14 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-03-19 20:29 . 2009-10-04 02:36 371776 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2010-03-19 20:29 . 2009-10-04 02:36 187456 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2010-03-19 20:29 . 2009-09-25 00:58 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-19 20:29 . 2009-10-04 02:36 887856 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2010-03-19 20:29 . 2009-10-04 02:36 57344 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\pb\pbag.dll
    2010-03-19 20:29 . 2009-10-04 02:36 2427968 ----a-w- c:\documents and settings\xxxx\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2010-03-19 20:27 . 2009-02-13 18:15 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-19 20:27 . 2009-02-13 18:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-19 20:27 . 2009-02-13 18:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-10 15:36 . 2010-03-23 03:52 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-03-01 03:00 . 2005-01-06 02:49 79816 ----a-w- c:\documents and settings\xxxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-24 07:24 . 2009-11-13 17:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-02-24 00:49 . 2008-09-04 00:29 -------- d-----w- c:\program files\AVG
    2010-02-19 22:12 . 2005-01-06 03:43 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-19 21:38 . 2010-02-19 21:38 -------- d-----w- c:\program files\HT OMEGA STRIKER7.1
    2010-02-05 13:25 . 2010-03-23 03:52 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-02-05 13:17 . 2010-03-23 03:52 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-01-22 13:56 . 2010-03-23 03:58 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-01-22 13:56 . 2010-03-23 03:58 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-01-22 13:56 . 2010-03-23 03:58 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-01-22 13:55 . 2010-03-23 03:58 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-01-12 04:03 . 2007-12-05 05:41 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-12 04:03 . 2005-10-11 01:49 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 04:03 . 2005-01-06 02:55 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-01-12 04:03 . 2005-01-05 21:27 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-12 04:03 . 2005-01-05 21:27 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-12 04:03 . 2004-10-29 21:50 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-12 04:03 . 2004-10-29 21:50 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-12 04:03 . 2004-10-29 21:50 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-01-07 21:07 . 2009-08-30 04:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07 . 2009-08-30 04:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2004-08-12 13:30 353792 ------w- c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-24_03.18.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-12 13:26 . 2010-03-25 00:47 52196 c:\windows\system32\perfc009.dat
    - 2004-08-12 13:26 . 2010-03-14 07:36 52196 c:\windows\system32\perfc009.dat
    + 2004-08-12 13:26 . 2010-03-25 00:47 341680 c:\windows\system32\perfh009.dat
    - 2004-08-12 13:26 . 2010-03-14 07:36 341680 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pop-Up Stopper "= "d:\progra~1\PANICW~1\POP-UP~1\dpps2.exe" [2001-08-11 716800]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-10-10 69632]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SetPointII.lnk - d:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 17:41 294912 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-19 20:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-01-07 04:27 1657448 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "W32Time "=2 (0x2)
    "ALG "=3 (0x3)
    "TapiSrv "=3 (0x3)
    "RDSessMgr "=3 (0x3)
    "RasMan "=3 (0x3)
    "RasAuto "=3 (0x3)
    "RSVP "=3 (0x3)
    "mnmsrvc "=3 (0x3)
    "Browser "=2 (0x2)
    "ERSvc "=2 (0x2)
    "helpsvc "=3 (0x3)
    "Netlogon "=3 (0x3)
    "RemoteRegistry "=2 (0x2)
    "wuauserv "=2 (0x2)
    "NVSvc "=2 (0x2)
    "RoxWatch10 "=2 (0x2)
    "RoxMediaDB10 "=3 (0x3)
    "Roxio Upnp Server 10 "=2 (0x2)
    "Roxio UPnP Renderer 10 "=3 (0x3)
    "UPS "=3 (0x3)
    "WmdmPmSN "=3 (0x3)
    "6to4 "=2 (0x2)
    "HTTPFilter "=3 (0x3)
    "FastUserSwitchingCompatibility "=3 (0x3)
    "TrkWks "=2 (0x2)
    "BITS "=3 (0x3)
    "aspnet_state "=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/13/2009 1:19 PM 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/22/2010 11:52 PM 217032]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/13/2009 2:15 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/13/2009 2:15 PM 242696]
    R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
    R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
    R2 a2free;a-squared Free Service;d:\program files\a-squared Free\a2service.exe [3/21/2010 1:41 AM 1858144]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/19/2010 4:27 PM 308064]
    R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/22/2010 11:58 PM 112592]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/19/2009 8:23 PM 10384]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [3/22/2010 11:51 PM 366840]
    S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]
    S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys --> c:\windows\system32\drivers\tbcwdm.sys [?]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;d:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;d:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: microsoft.com\www.update
    FF - ProfilePath - c:\documents and settings\xxxx\Application Data\Mozilla\Firefox\Profiles\oz3ajrnf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#home
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\xxxx\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\xxxx\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\Real Alternative\browser\plugins\nppl3260.dll
    FF - plugin: d:\program files\Real Alternative\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-24 21:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(656)
    d:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2520)
    d:\progra~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-03-24 21:07:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-25 01:07
    ComboFix2.txt 2010-03-24 03:21

    Pre-Run: 10,356,740,096 bytes free
    Post-Run: 10,223,165,440 bytes free

    - - End Of File - - 8074140F1DB40A3F871BCF553F7E5A55



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:09:21 PM, on 3/24/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    d:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    d:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\explorer.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - d:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - d:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265267445912
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - d:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6289 bytes
     
    hepl,
    #5
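A small triage helper for lines in the HijackThis format posted above. This is an added example, not a tool from the thread or from Trend Micro; it flags only patterns that are visible in the posted log (entries ending in "(file missing)", O23 services reported with "Unknown owner", and autostart paths under a Temp directory), and the sample lines below are constructed to mirror a few entries of the log rather than being the full log. None of these patterns is proof of infection on its own; they are the entries a reviewer would check first.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis v2.0.2 format, modelled on the log posted above
# (a handful of lines only; "xxxx" is the thread's own redacted user name).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""


@dataclass
class Finding:
    section: str                 # HijackThis section code, e.g. "O23"
    entry: str                   # the line body after "O23 - "
    reasons: List[str] = field(default_factory=list)


# "O23 - Service: ...", "O4 - HKLM\..\Run: ..." and "R1 - HKLM\..." all share this shape.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Any path component named Temp (covers both "Local Settings\Temp" and "LOCALS~1\Temp").
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return the entries that deserve a second look, with the reason for each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:                     # header lines, process list, blank lines
            continue
        section, body = m.group("section"), m.group("body")
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("registry entry points at a file that no longer exists")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no company name in its version info")
        if TEMP_DIR_RE.search(body):
            reasons.append("autostart entry runs from a temporary directory")
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


def format_report(findings: List[Finding]) -> str:
    """One line per flagged entry, followed by an indented line per reason."""
    lines = []
    for f in findings:
        lines.append(f"{f.section}: {f.entry}")
        for r in f.reasons:
            lines.append(f"    - {r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run against the sample, the helper flags the orphaned BitDefender button, the PunkBuster service (no company name in the log) and the SessionLauncher service, which collects all three reasons: it is listed as "Unknown owner", its binary lived under a Temp directory, and the file is already gone. An entry like the last one is exactly what a moderator asks about in these threads, because a service pointing at a deleted temp-directory executable is either a leftover to clean up or a trace of something that has since been removed.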
  7. 2010/03/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post a fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/03/25
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    Combofix uninstalled ok.
    Malwarebytes would not connect to their website and update. I had to dl the rules file and manually update it. I also ran SAS, which takes forever to load. The resources in the task manager for SAS are 99 for about 5 minutes and the memory runs all the way up to 178MB before the program dialogue box pops up. AVG 9.0 icon on the taskbar is gone now. I searched erLT in my registry because I don't have it in my Add and Remove Programs but it is listed as installed. I think this is a logitech installer but in the process of looking erLT up an entry for ARPRODUCTICON came up which has some sites claiming it is an infected file. Also have a registry entry %windir%\tracing. The dir is not visible. I'm not sure what that is either.

    Logs are attached. I'm getting concerned this is not going to go away. :(




    Malwarebytes' Anti-Malware 1.44
    Database version: 3913
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    3/25/2010 9:21:31 PM
    mbam-log-2010-03-25 (21-21-31).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 185353
    Time elapsed: 35 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:42:40 PM, on 3/25/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    d:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265267445912
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5780 bytes
     
    hepl,
    #7
  9. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    I really appreciate all the help I've gotten so far. I am still not able to update any security software or run any online scans. Windows update still hangs up as well. I am home all day today if anyone has the time to help me address these problems. Thanks in advance.
     
    hepl,
    #8
  10. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  11. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    Like everything else involving security software, my infected machine will not access that site. I will DL from this pc and transfer it. Be back in a couple mins.
     
  12. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    The only tool remover was older than AVG9 but I downloaded it anyway and attempted to run it. It was looking for ver 8 to remove and didn't really perform anything. So I went to add and remove programs and uninstalled avg9. Except all it did was remove it from the list of installed files. The entire program is still there and if you run the program from the desktop it runs. The icon is still not present in the system tray though. What now?
     
  13. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  14. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    I have revo installed. It does not have AVG9 on the list of installed programs.
     
  15. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reinstall AVG over the top and try to uninstall it again.
     
  16. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    During the install a ZoneAlarm box popped up about a file called stub.exe wanting to have access to 97.XXX.XXX.XXX : DNS. The file was unsigned and had no author. The computer locked up and I am rebooting now. Any ideas what that was about?
     
  17. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    OK, I tried to reinstall AVG 9 in Safe Mode and I get further, but the next screen that comes up says that the AVG installer cannot detect an internet connection. But I can pull up my IE. This malware is blocking security sites, preventing me from updating anything.
     
  18. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Personally, I doubt we're dealing with an infection here, at least not anymore.

    I want you to uninstall ZoneAlarm and AVG (if possible after reinstalling).
    Turn Windows firewall on.
    Report on any difficulties.
     
  19. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    I REALLY hated to uninstall ZA because I have had it installed forever and had my rules set up perfectly. But after uninstalling ZA, I rebooted and was able to update Malwarebytes for the first time since the problem started last Friday. I am running a scan now. I was not able to uninstall AVG yet, but I figured the MB scan was most important atm. I will post a MW log and HijackThis log after the scan. Thank you so much to date. I just really hate to lose my ZA rules, but at least some of my problem is over.
     
  20. 2010/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, I've been investigating this issue for several days.
    It happens only on computers where AVG AND ZA are installed.
    It looks like uninstalling one of them solves the issue.
     
  21. 2010/03/26
    hepl

    hepl Well-Known Member Thread Starter

    Joined:
    2010/03/23
    Messages:
    106
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.44
    Database version: 3919
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    3/26/2010 5:50:18 PM
    mbam-log-2010-03-26 (17-50-12).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 214138
    Time elapsed: 50 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:51:18 PM, on 3/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgnsx.exe
    D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265267445912
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\XXXX\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    --
    End of file - 5348 bytes
     
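To make the two logs in the post above quicker to triage, here is an added example (it is not part of the thread and is not HijackThis or Malwarebytes code) that parses the O23 service lines, the O4 Run-key lines and the MBAM "Registry Data Items" lines and flags what a malware analyst looks at first: a service whose binary is missing (SessionLauncher, registered from a Temp directory), a service with no publisher recorded, and an autorun given as a bare file name rather than a full path. The sample lines are copied from the logs in the thread (with the thread's own masked username); the triage heuristics, the USER_WRITABLE list and the function names are this example's own assumptions.

```python
"""Triage the HijackThis (O23/O4) and Malwarebytes registry lines above.
Added example for this thread; it is not HijackThis or Malwarebytes code.
Sample lines are copied from the logs in the post; heuristics are assumed."""
import re
from typing import Dict, List

# Constructed sample: a handful of O4 and O23 lines from the HijackThis log.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe "
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\xxxx\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
"""

# Constructed sample: the two "Registry Data Items" lines from the MBAM log.
SAMPLE_MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
MBAM_REG_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)

# Assumed heuristic: a real service binary should not live in any of these.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


def triage_services(log: str) -> List[Dict[str, object]]:
    """Parse O23 lines and attach the flags an analyst checks first."""
    found = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        path, owner = m.group("path"), m.group("owner")
        flags = []
        if m.group("missing"):
            flags.append("orphaned: service still registered, binary gone")
        if owner == "Unknown owner":
            flags.append("no publisher in the binary's version info")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            flags.append("binary under a user-writable/Temp location")
        found.append({"name": m.group("name"), "owner": owner,
                      "path": path, "flags": flags})
    return found


def triage_autoruns(log: str) -> List[Dict[str, object]]:
    """Parse O4 Run-key lines; flag commands given as a bare file name,
    which Windows resolves by search path instead of a fixed location."""
    found = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        exe = exe.strip()
        found.append({"label": m.group("label"), "exe": exe,
                      "bare_name": "\\" not in exe and ":" not in exe})
    return found


def parse_mbam_registry_data(log: str) -> List[Dict[str, str]]:
    """Split MBAM 'Registry Data Items' lines into key, value, bad/good data."""
    found = []
    for line in log.splitlines():
        m = MBAM_REG_RE.match(line.strip())
        if not m:
            continue
        key, _, value = m.group("path").rpartition("\\")
        found.append({"key": key, "value": value,
                      "detection": m.group("detection"), "bad": m.group("bad"),
                      "good": m.group("good"), "action": m.group("action")})
    return found


def report(hjt_log: str, mbam_log: str) -> List[str]:
    """One line per item that deserves a second look."""
    lines = []
    for svc in triage_services(hjt_log):
        for flag in svc["flags"]:
            lines.append(f"O23 {svc['name']}: {flag}")
    for run in triage_autoruns(hjt_log):
        if run["bare_name"]:
            lines.append(f"O4 [{run['label']}]: bare name {run['exe']}, no full path")
    for reg in parse_mbam_registry_data(mbam_log):
        lines.append(f"REG {reg['value']} = {reg['bad']} (expected {reg['good']}), {reg['action']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_HJT_LOG, SAMPLE_MBAM_LOG)))
```

Run it as-is to see the flagged items from the sample, or paste a full HijackThis log into SAMPLE_HJT_LOG. The two MBAM hits (Start_ShowMyComputer and Start_ShowSearch set to 0) are HKCU Explorer Start menu toggles, so the parser reports them with the value MBAM saw and the value it expects rather than deciding for you; whether they were changed by malware or by the user is a judgement call, which is why the log shows "No action taken."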
