
Inactive IE keeps randomly popping up

Discussion in 'Malware and Virus Removal Archive' started by JMabord, 2010/07/31.

  1. 2010/07/31
    JMabord (Thread Starter)

    [Inactive] IE keeps randomly popping up

    IE explorer has been popping up randomly and my computer has been acting weird lately. I've run Malwarebytes, but it doesn't pick up the problem. Here is a HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:14:47 PM, on 7/31/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Joseph\Desktop\avg_iswt_stb_all_9_115_cnet.exe
    C:\DOCUME~1\Joseph\LOCALS~1\Temp\7zS62.tmp\stub.exe
    C:\Documents and Settings\Joseph\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pvolirazohit] rundll32.exe "C:\WINDOWS\cousdl.dll",Startup
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://losthighwayrecords.fancorps.com/includes/ImageUploaderPHP/Scripts/ImageUploader6.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8080 bytes
     
  2. 2010/08/01
    PeteC (SuperGeek, Staff)

    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2010/08/01
    JMabord (Thread Starter)

    It's running right now. Also I've found a recurring .exe that reappears in my Application Data folder. Every time iexplorer pops up, so does this weird random numbered/lettered .exe. Also I'm not able to run System Restore and I can't turn my firewall on.
     
  5. 2010/08/01
    JMabord (Thread Starter)

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Joseph at 9:09:25.28 on Sun 08/01/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.268 [GMT -5:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\alg.exe
    "C:\WINDOWS\System32\svchost.exe"
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Joseph\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.sbc.com/dsl
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    BHO: AutorunsDisabled - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://losthighwayrecords.fancorps.com/includes/ImageUploaderPHP/Scripts/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {760B8973-48F7-40B2-B360-F7ABD8785E50} - rundll32.exe "c:\documents and settings\networkservice\application data\bitrix security\depto.dll", DllUnrer

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\joseph\applic~1\mozilla\firefox\profiles\3w33w08z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedengine - Google
    FF - prefs.js: browser.startup.homepage - www.reddit.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\joseph\application data\mozilla\firefox\profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\joseph\application data\mozilla\firefox\profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\joseph\application data\mozilla\firefox\profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\joseph\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\joseph\application data\mozilla\firefox\profiles\3w33w08z.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-10 255600]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-10 243312]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-12-30 1107784]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-9 24652]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100730.002\naveng.sys [2010-7-30 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100730.002\navex15.sys [2010-7-30 1362608]
    R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-10 87664]
    S3 cpuz130;cpuz130;\??\c:\docume~1\joseph\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\joseph\locals~1\temp\cpuz130\cpuz_x32.sys [?]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-12-30 153416]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    UnknownUnknown LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2010-08-01 06:55:36 0 d-----w- c:\program files\Spyware Doctor
    2010-08-01 06:55:36 0 d-----w- c:\program files\common files\PC Tools
    2010-08-01 01:07:56 0 ----a-w- c:\windows\LogMeIn_uninstall_reboot
    2010-07-31 21:58:12 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-07-31 21:58:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2010-07-31 21:57:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-07-31 21:57:24 1024 ----a-w- C:\.rnd
    2010-07-25 22:50:03 0 d-----w- c:\program files\Bungie
    2010-07-24 15:13:46 41870 ----a-w- C:\details.aspx
    2010-07-22 21:37:31 0 d-----w- c:\docume~1\joseph\applic~1\Bitrix Security
    2010-07-21 04:47:27 0 d-----w- c:\program files\ManyCam
    2010-07-21 04:18:14 2804 ----a-w- c:\windows\ikusexuy.dll
    2010-07-21 04:15:44 120 ----a-w- c:\windows\Awaxanuvazijuq.dat
    2010-07-21 04:15:44 0 ----a-w- c:\windows\Bvorivufep.bin
    2010-07-21 04:15:32 768000 ----a-w- c:\windows\system32\drivers\quupcxe.sys
    2010-07-21 04:15:11 150 ----a-w- C:\zrpt.xml
    2010-07-21 04:13:28 0 d-----w- c:\docume~1\joseph\applic~1\92761AAC7BC8227AFB0D4487BD754FCB
    2010-07-11 23:27:38 24 ----a-w- C:\DUKE3D.BAT
    2010-07-11 23:27:38 0 d-----w- C:\DUKE3D
    2010-07-04 03:43:57 0 d-----w- c:\program files\iPod
    2010-07-04 03:43:41 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2010-06-26 00:14:53 46 ----a-w- c:\documents and settings\joseph\jagex_runescape_preferences.dat
    2010-06-26 00:13:18 99 ----a-w- c:\documents and settings\joseph\jagex_runescape_preferences2.dat
    2010-06-26 00:02:12 0 ----a-w- c:\documents and settings\joseph\jagex__preferences3.dat
    2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 21:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 9:10:25.73 ===============
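The two logs above (the HijackThis log in post 1 and the DDS log in post 5) carry the same handful of indicator types a responder looks for first: an IE proxy pointed at the loopback interface (ProxyServer = http=127.0.0.1:5643), rundll32 launching a DLL from outside the normal system directories (a HKCU Run entry loading C:\WINDOWS\cousdl.dll, and an mASetup entry, which is DDS shorthand for an Active Setup Installed Components StubPath that Windows runs once per user at logon, loading a DLL from the NetworkService profile), a directory whose name is a bare 32-character hex string, dangling driver/autostart registrations, and a burst of oddly named files written to c:\windows within a few minutes of each other on 2010-07-21. The script below is an added example, not code from this thread, from HijackThis or from DDS. It runs these checks over a constructed sample that is a subset of lines copied from the posted logs; the rule names, thresholds (10-minute window, 3 files) and the trusted-directory list are this example's own assumptions, not anything the tools define.

```python
# Added example, not code from the thread, HijackThis or DDS: triage rules for
# the indicator types visible in the two logs above. SAMPLE_LOG is a subset of
# those logs; the rules, thresholds and names are this example's own choices.
import re
from datetime import datetime, timedelta

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Pvolirazohit] rundll32.exe "C:\WINDOWS\cousdl.dll",Startup
mASetup: {760B8973-48F7-40B2-B360-F7ABD8785E50} - rundll32.exe "c:\documents and settings\networkservice\application data\bitrix security\depto.dll", DllUnrer
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
2010-07-21 04:18:14 2804 ----a-w- c:\windows\ikusexuy.dll
2010-07-21 04:15:44 120 ----a-w- c:\windows\Awaxanuvazijuq.dat
2010-07-21 04:15:32 768000 ----a-w- c:\windows\system32\drivers\quupcxe.sys
2010-07-21 04:13:28 0 d-----w- c:\docume~1\joseph\applic~1\92761AAC7BC8227AFB0D4487BD754FCB
2010-07-04 03:43:57 0 d-----w- c:\program files\iPod
"""

# Assumed "normal" homes for DLLs that rundll32 is asked to load (example's choice).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:http=)?([\w.\-]+):(\d+)", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
MISSING_RE = re.compile(r"\(no file\)|No File|\(file missing\)|\[\?\]", re.I)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{32}$", re.I)


def check_proxy(line):
    """A proxy on the loopback interface means a local process sits between IE
    and the network. Legitimate web filters do this too, so verify the listener."""
    m = PROXY_RE.search(line)
    if m and (m.group(1).lower() == "localhost" or m.group(1).startswith("127.")):
        return ("high", "loopback-proxy", f"IE proxied via {m.group(1)}:{m.group(2)}")
    return None


def check_rundll(line):
    """rundll32 itself is legitimate; what matters is where the DLL lives."""
    m = RUNDLL_RE.search(line)
    if not m:
        return None
    dll = m.group(1).strip().lower()
    if any(p in dll for p in SERVICE_PROFILES):
        return ("high", "rundll32-service-profile", dll)  # e.g. an Active Setup stub
    if not dll.startswith(TRUSTED_DIRS):
        return ("high", "rundll32-odd-path", dll)
    return None


def check_missing(line):
    """Dangling autostart or driver entries: usually leftovers, low priority, but listed."""
    return ("low", "dangling-entry", line.strip()) if MISSING_RE.search(line) else None


def parse_created(line):
    """DDS 'Created Last 30' line -> (timestamp, size, attributes, path)."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    return (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), int(m.group(2)),
            m.group(3), m.group(4).strip())


def find_bursts(entries, window=timedelta(minutes=10), min_count=3):
    """Group creation entries that fall within `window` of the first in the group.
    A dropper writes its DLL, config and driver within seconds of each other."""
    bursts, current = [], []
    for e in sorted(entries, key=lambda e: e[0]):
        if current and e[0] - current[0][0] > window:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts


def triage(text):
    """Run every rule over the log text; returns (severity, rule, detail) tuples."""
    findings, created = [], []
    for line in text.splitlines():
        findings += [f for f in (check_proxy(line), check_rundll(line), check_missing(line)) if f]
        if HEX_DIR_RE.search(line.strip()):
            findings.append(("medium", "hex-named-dir", line.strip()))
        entry = parse_created(line)
        if entry:
            created.append(entry)
    for burst in find_bursts(created):
        findings.append(("high", "creation-burst",
                         f"{len(burst)} files from {burst[0][0]:%Y-%m-%d %H:%M}: "
                         + "; ".join(e[3] for e in burst)))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:24} {detail}")
```

Two caveats when using rules like these on a real log. A loopback proxy is not proof by itself; some AV and parental-control products install one, so confirm which process owns the port (on XP, netstat -ano maps the listening port to a PID) before treating it as the hijacker. And the burst rule only sees what DDS lists in "Created Last 30"; it points at where to look, it does not replace an actual timeline of the file system.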
     
  6. 2010/08/01
    JMabord (Thread Starter)

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/7/2009 5:57:18 PM
    System Uptime: 7/31/2010 7:00:33 PM (14 hours ago)

    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | Socket 775 | 1596/200mhz
    Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | Socket 775 | 1596/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 230 GiB total, 53.031 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is CDROM ()
    J: is CDROM ()
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP536: 5/3/2010 2:09:43 PM - System Checkpoint
    RP537: 5/4/2010 2:10:49 PM - System Checkpoint
    RP538: 5/5/2010 2:58:48 PM - System Checkpoint
    RP539: 5/6/2010 3:09:43 PM - System Checkpoint
    RP540: 5/7/2010 3:21:45 PM - System Checkpoint
    RP541: 5/8/2010 4:14:32 PM - System Checkpoint
    RP542: 5/9/2010 4:19:17 PM - System Checkpoint
    RP543: 5/9/2010 10:34:43 PM - Installed Steam
    RP544: 5/10/2010 11:57:58 PM - System Checkpoint
    RP545: 5/12/2010 12:07:10 AM - System Checkpoint
    RP546: 5/13/2010 1:07:13 AM - System Checkpoint
    RP547: 5/14/2010 1:36:03 AM - System Checkpoint
    RP548: 5/15/2010 2:24:04 AM - System Checkpoint
    RP549: 5/16/2010 2:57:13 AM - System Checkpoint
    RP550: 5/17/2010 3:44:12 AM - System Checkpoint
    RP551: 5/18/2010 3:56:19 AM - System Checkpoint
    RP552: 5/19/2010 4:56:13 AM - System Checkpoint
    RP553: 5/20/2010 5:44:09 AM - System Checkpoint
    RP554: 5/21/2010 5:45:42 AM - System Checkpoint
    RP555: 5/22/2010 6:45:39 AM - System Checkpoint
    RP556: 5/22/2010 5:58:38 PM - Software Distribution Service 3.0
    RP557: 5/23/2010 6:10:11 PM - System Checkpoint
    RP558: 5/24/2010 7:39:17 PM - System Checkpoint
    RP559: 5/25/2010 7:56:21 PM - System Checkpoint
    RP560: 5/26/2010 10:47:00 PM - System Checkpoint
    RP561: 5/27/2010 11:15:21 PM - System Checkpoint
    RP562: 5/29/2010 1:04:58 AM - System Checkpoint
    RP563: 5/30/2010 1:14:13 AM - System Checkpoint
    RP564: 5/31/2010 2:14:16 AM - System Checkpoint
    RP565: 5/31/2010 1:00:09 PM - Installed Opera 10.53.
    RP566: 6/1/2010 1:27:42 PM - System Checkpoint
    RP567: 6/2/2010 1:28:03 PM - System Checkpoint
    RP568: 6/3/2010 1:39:05 PM - System Checkpoint
    RP569: 6/4/2010 4:31:24 PM - System Checkpoint
    RP570: 6/5/2010 4:33:53 PM - System Checkpoint
    RP571: 6/6/2010 4:34:14 PM - Removed Halo Combat Evolved
    RP572: 6/6/2010 4:35:21 PM - Removed Opera 10.53.
    RP573: 6/6/2010 4:36:16 PM - Removed Respondus LockDown Browser
    RP574: 6/7/2010 4:26:48 PM - Removed Symantec AntiVirus
    RP575: 6/7/2010 4:26:54 PM - Installed Adobe Acrobat 6.0 Professional - English, Français, Deutsch
    RP576: 6/7/2010 11:49:55 PM - Software Distribution Service 3.0
    RP577: 6/9/2010 12:32:02 AM - System Checkpoint
    RP578: 6/10/2010 1:15:30 AM - System Checkpoint
    RP579: 6/11/2010 1:59:52 AM - System Checkpoint
    RP580: 6/12/2010 2:01:19 AM - System Checkpoint
    RP581: 6/13/2010 3:00:12 AM - System Checkpoint
    RP582: 6/14/2010 4:00:12 AM - System Checkpoint
    RP583: 6/15/2010 5:00:12 AM - System Checkpoint
    RP584: 6/16/2010 6:00:15 AM - System Checkpoint
    RP585: 6/17/2010 7:00:16 AM - System Checkpoint
    RP586: 6/18/2010 8:00:15 AM - System Checkpoint
    RP587: 6/19/2010 9:00:12 AM - System Checkpoint
    RP588: 6/20/2010 9:12:12 AM - System Checkpoint
    RP589: 6/20/2010 11:59:45 PM - Installed MacroMaker
    RP590: 6/21/2010 12:01:32 AM - Removed MacroMaker
    RP591: 6/22/2010 12:26:32 AM - System Checkpoint
    RP592: 6/23/2010 12:37:38 AM - System Checkpoint
    RP593: 6/24/2010 1:00:12 AM - System Checkpoint
    RP594: 6/25/2010 1:01:22 AM - System Checkpoint
    RP595: 6/26/2010 1:13:21 AM - System Checkpoint
    RP596: 6/27/2010 1:23:23 AM - System Checkpoint
    RP597: 6/28/2010 1:35:26 AM - System Checkpoint
    RP598: 6/28/2010 4:40:48 PM - Software Distribution Service 3.0
    RP599: 6/28/2010 10:31:55 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP600: 6/30/2010 12:02:51 AM - System Checkpoint
    RP601: 6/30/2010 9:10:03 PM - Restore Operation
    RP602: 6/30/2010 10:09:18 PM - Restore Operation
    RP603: 7/2/2010 12:14:07 AM - System Checkpoint
    RP604: 7/3/2010 2:53:14 AM - System Checkpoint
    RP605: 7/3/2010 10:34:34 PM - Removed Apple Application Support
    RP606: 7/3/2010 10:36:37 PM - Removed Apple Mobile Device Support
    RP607: 7/4/2010 10:40:59 PM - System Checkpoint
    RP608: 7/6/2010 12:14:16 AM - System Checkpoint
    RP609: 7/7/2010 12:15:33 AM - System Checkpoint
    RP610: 7/8/2010 12:55:33 AM - System Checkpoint
    RP611: 7/9/2010 1:55:25 AM - System Checkpoint
    RP612: 7/10/2010 2:05:56 AM - System Checkpoint
    RP613: 7/11/2010 2:55:25 AM - System Checkpoint
    RP614: 7/12/2010 4:07:30 AM - System Checkpoint
    RP615: 7/13/2010 4:51:44 AM - System Checkpoint
    RP616: 7/14/2010 5:51:44 AM - System Checkpoint
    RP617: 7/15/2010 6:00:48 AM - System Checkpoint
    RP618: 7/16/2010 6:12:46 AM - System Checkpoint
    RP619: 7/17/2010 7:12:51 AM - System Checkpoint
    RP620: 7/18/2010 8:00:47 AM - System Checkpoint
    RP621: 7/19/2010 8:24:46 AM - System Checkpoint
    RP622: 7/20/2010 8:36:46 AM - System Checkpoint
    RP623: 7/22/2010 1:18:10 AM - System Checkpoint
    RP624: 7/23/2010 1:38:03 AM - System Checkpoint
    RP625: 7/24/2010 1:48:23 AM - System Checkpoint
    RP626: 7/24/2010 11:21:17 AM - Installed Halo Combat Evolved
    RP627: 7/25/2010 11:23:18 AM - System Checkpoint
    RP628: 7/25/2010 5:49:58 PM - Installed Halo Combat Evolved
    RP629: 7/27/2010 12:06:38 AM - System Checkpoint
    RP630: 7/28/2010 12:32:17 AM - System Checkpoint
    RP631: 7/28/2010 1:06:44 AM - Restore Operation
    RP632: 7/29/2010 2:16:24 AM - System Checkpoint
    RP633: 7/30/2010 10:02:40 AM - System Checkpoint
    RP634: 7/31/2010 4:16:16 PM - Restore Operation
    RP635: 7/31/2010 4:26:33 PM - Restore Operation
    RP636: 7/31/2010 4:32:57 PM - Restore Operation
    RP637: 7/31/2010 4:56:35 PM - Installed LogMeIn
    RP638: 7/31/2010 8:07:38 PM - Removed LogMeIn
    RP639: 7/31/2010 9:26:42 PM - OTL Restore Point

    ==== Installed Programs ======================

    µTorrent
    AAC Decoder
    Acrobat.com
    Adobe Acrobat 6.0 Professional - English, Français, Deutsch
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.1
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced RealMedia Export Plug-in for Premiere 6.0
    AIM 7
    AIM Search
    AP Tuner 3.08
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    AutoUpdate
    AviSynth 2.5
    AVS4YOU Software Navigator 1.3
    Belkin Wireless USB Utility
    Bonjour
    BroadJump Client Foundation
    CCleaner (remove only)
    Choice Guard
    Cleaner 5 EZ
    Collab
    Conexant D850 56K V.9x DFVc Modem
    CopyTrans Suite Remove Only
    Corel WinDVD 9
    Crayon Physics Deluxe - release 51
    Dell Resource CD
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Download Updater (AOL LLC)
    DVD Shrink 3.2
    FL Studio 8
    Futuremark SystemInfo
    GCFScape 1.8.0
    GPL MPEG-1/2 DirectShow Decoder Filter
    Grand Theft Auto: Vice City
    GTA San Andreas
    GTK+ Runtime 2.14.7 rev a (remove only)
    Guitar Pro 5.2
    H.264 Decoder
    Halo Combat Evolved
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB923232)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    ID3-TagIT 3
    IL Download Manager
    ImgBurn
    InstantStorm 1.5
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 13.3.46.0
    iTunes
    iZotope Ozone 4
    iZotope Vinyl
    Java(TM) 6 Update 17
    Legend of Zelda, The Ocarina of Time 1.10
    LiveUpdate 2.0 (Symantec Corporation)
    M-Audio Series II MIDI
    Magic ISO Maker v5.5 (build 0274)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    ManyCam 2.5.48 (remove only)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MKV Splitter
    Monkey's Audio
    Move Media Player
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    PDF Settings
    PoiZone
    PowerDVD
    Project64 1.6
    QuickTime
    Realtek High Definition Audio Driver
    REAPER
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Segoe UI
    SimCity 2000® Special Edition
    Smile
    Sonic Activation Module
    Steam
    Symantec AntiVirus
    System Requirements Lab
    Tansee iPod Transfer v3.8
    Toxic Biohazard
    Uniblue DriverScanner 2009
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb981726)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    Viewpoint Media Player
    VLC media player 1.0.3
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Presentation Foundation
    Windows XP Hotfix - KB839210
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    8/1/2010 3:00:00 AM, error: Schedule [7901] - The At76.job command failed to start due to the following error: %%2147942402
    8/1/2010 3:00:00 AM, error: Schedule [7901] - The At52.job command failed to start due to the following error: %%2147942402
    8/1/2010 3:00:00 AM, error: Schedule [7901] - The At148.job command failed to start due to the following error: %%2147942402
    8/1/2010 3:00:00 AM, error: Schedule [7901] - The At124.job command failed to start due to the following error: %%2147942402
    8/1/2010 3:00:00 AM, error: Schedule [7901] - The At100.job command failed to start due to the following error: %%2147942402
    8/1/2010 2:11:03 AM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
    8/1/2010 2:04:44 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
    8/1/2010 2:00:00 AM, error: Schedule [7901] - The At99.job command failed to start due to the following error: %%2147942402
    8/1/2010 2:00:00 AM, error: Schedule [7901] - The At75.job command failed to start due to the following error: %%2147942402
    8/1/2010 2:00:00 AM, error: Schedule [7901] - The At51.job command failed to start due to the following error: %%2147942402
    8/1/2010 2:00:00 AM, error: Schedule [7901] - The At147.job command failed to start due to the following error: %%2147942402
    8/1/2010 2:00:00 AM, error: Schedule [7901] - The At123.job command failed to start due to the following error: %%2147942402
    8/1/2010 12:28:00 AM, error: Schedule [7901] - The At49.job command failed to start due to the following error: %%2147942402
    8/1/2010 12:21:00 AM, error: Schedule [7901] - The At73.job command failed to start due to the following error: %%2147942402
    8/1/2010 12:10:00 AM, error: Schedule [7901] - The At121.job command failed to start due to the following error: %%2147942402
    8/1/2010 12:05:00 AM, error: Schedule [7901] - The At97.job command failed to start due to the following error: %%2147942402
    8/1/2010 1:00:00 AM, error: Schedule [7901] - The At98.job command failed to start due to the following error: %%2147942402
    8/1/2010 1:00:00 AM, error: Schedule [7901] - The At74.job command failed to start due to the following error: %%2147942402
    8/1/2010 1:00:00 AM, error: Schedule [7901] - The At50.job command failed to start due to the following error: %%2147942402
    8/1/2010 1:00:00 AM, error: Schedule [7901] - The At122.job command failed to start due to the following error: %%2147942402
    7/31/2010 9:52:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Password Validation service to connect.
    7/31/2010 9:48:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    7/31/2010 9:48:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
    7/31/2010 9:28:01 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    7/31/2010 9:01:48 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).
    7/31/2010 9:01:45 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
    7/31/2010 9:01:38 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    7/31/2010 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
    7/31/2010 8:48:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
    7/31/2010 8:48:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
    7/31/2010 8:04:08 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 2 time(s).
    7/31/2010 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
    7/31/2010 7:48:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    7/31/2010 7:48:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
    7/31/2010 7:12:39 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    7/31/2010 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
    7/31/2010 6:48:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
    7/31/2010 6:48:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
    7/31/2010 6:03:45 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
    7/31/2010 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
    7/31/2010 5:48:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
    7/31/2010 5:48:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
    7/31/2010 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
    7/31/2010 4:48:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
    7/31/2010 4:48:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
    7/31/2010 4:30:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVRT TfFsMon TfSysMon
    7/31/2010 4:29:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/31/2010 4:12:06 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.3676.
    7/31/2010 4:12:06 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
    7/31/2010 4:06:14 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
    7/31/2010 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
    7/31/2010 3:51:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    7/31/2010 3:48:57 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    7/31/2010 3:48:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
    7/31/2010 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
    7/31/2010 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
    7/31/2010 2:48:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
    7/31/2010 2:48:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
    7/31/2010 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
    7/31/2010 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
    7/31/2010 12:58:23 AM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
    7/31/2010 12:48:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
    7/31/2010 12:48:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    7/31/2010 12:18:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
    7/31/2010 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
    7/31/2010 11:48:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    7/31/2010 11:48:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
    7/31/2010 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
    7/31/2010 10:48:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
    7/31/2010 10:48:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
    7/31/2010 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
    7/31/2010 1:48:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
    7/31/2010 1:48:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
    7/31/2010 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
    7/31/2010 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
    7/30/2010 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
    7/27/2010 9:22:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
    7/27/2010 9:18:27 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/27/2010 9:18:27 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/27/2010 9:18:27 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    7/27/2010 9:18:27 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    7/27/2010 10:36:13 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/26/2010 9:54:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    7/26/2010 9:54:44 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    7/26/2010 9:54:44 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    7/26/2010 9:54:36 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/26/2010 9:54:36 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    7/25/2010 2:03:13 PM, error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  7. 2010/08/01
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  8. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    Yeah, uTorrent is the first thing I removed; I'm not sure why it's still showing up.

    It was still in my CCleaner uninstall log, but I've gone ahead and deleted it fully, since the client itself didn't do such a good job of it.

    The exe that keeps popping up is "eR567F46.exe"

    Here is its command line.
    C:\Documents and Settings\All Users\Application Data\eR567F46.exe

    I've deleted it several times, but it keeps popping up.

    I also can't get updates for Superantispyware or PCdoctor.

    Ah, that would also explain why I haven't been able to download or install the new OS for my iPod touch. It can never connect to the iTunes server.
     
    Last edited: 2010/08/01
  9. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up; press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    exeHelper by Raktor
    Build 20100414
    Run at 15:04:43 on 08/01/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 15:06:54 on 08/01/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
     
  11. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  12. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    I did the ComboFix and it asked me to turn off Symantec Internet Security, which I did. Then it told me it was going to disable any virtual drives, so it restarted, and it was just a blue DOS box telling me it was checking my system and should take 10 minutes, and possibly double depending on the number of viruses. I think when it restarted, it also restarted Symantec Internet Security, so it just got stuck on that blue screen for 2 hours, until I decided to restart my computer.
     
  13. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Combofix.
     
  14. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    I re-ran it and it keeps getting stuck at the blue screen.
     
  15. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Restart in safe mode.
    Run Rkill, exeHelper and then Combofix.
     
  16. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    ComboFix 10-07-31.04 - Joseph 08/01/2010 18:52:18.2.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.688 [GMT -5:00]
    Running from: c:\documents and settings\Joseph\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4


    ((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
    .

    2010-08-01 14:35 . 2010-08-01 14:35 63488 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-01 14:35 . 2010-08-01 14:35 52224 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-01 14:35 . 2010-08-01 14:35 117760 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com
    2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-01 14:34 . 2010-08-01 14:35 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-31 22:06 . 2010-06-01 16:44 3907584 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-07-31 22:06 . 2010-01-25 16:58 462848 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-07-31 22:06 . 2010-01-15 19:26 70984 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-07-31 22:06 . 2010-01-15 19:25 864256 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-07-31 22:06 . 2010-01-15 19:25 315392 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-07-31 22:06 . 2010-01-15 19:25 372736 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-07-31 21:58 . 2010-07-31 21:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2010-07-28 21:23 . 2010-07-28 21:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-07-28 21:23 . 2010-07-28 21:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-25 22:50 . 2010-07-25 22:50 -------- d-----w- c:\program files\Bungie
    2010-07-22 21:37 . 2010-07-23 16:46 -------- d-----w- c:\documents and settings\Joseph\Application Data\Bitrix Security
    2010-07-22 21:37 . 2010-07-22 21:37 51712 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\depto.dll
    2010-07-22 21:37 . 2010-07-22 21:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bitrix Security
    2010-07-21 17:54 . 2010-07-21 17:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
    2010-07-21 17:54 . 2010-07-21 17:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-07-21 17:24 . 2010-07-21 17:24 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-07-21 04:47 . 2010-07-21 14:08 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\ManyCam
    2010-07-21 04:47 . 2010-07-21 04:47 -------- d-----w- c:\program files\ManyCam
    2010-07-21 04:30 . 2010-07-21 04:30 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-07-21 04:19 . 2010-07-21 04:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
    2010-07-21 04:15 . 2010-07-21 04:15 120 ----a-w- c:\windows\Awaxanuvazijuq.dat
    2010-07-21 04:15 . 2010-07-21 04:15 0 ----a-w- c:\windows\Bvorivufep.bin
    2010-07-21 04:15 . 2010-08-01 23:59 768000 ----a-w- c:\windows\system32\drivers\quupcxe.sys
    2010-07-21 04:14 . 2010-07-21 04:30 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\tasalmviw
    2010-07-21 04:13 . 2010-07-21 04:13 -------- d-----w- c:\documents and settings\Joseph\Application Data\92761AAC7BC8227AFB0D4487BD754FCB
    2010-07-20 02:46 . 2010-07-20 02:48 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\Temp
    2010-07-11 23:27 . 2010-07-11 23:38 24 ----a-w- C:\DUKE3D.BAT
    2010-07-11 23:27 . 2010-07-11 23:27 -------- d-----w- C:\DUKE3D
    2010-07-07 15:27 . 2010-07-07 15:50 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\krossjcuq
    2010-07-04 03:43 . 2010-07-04 03:43 -------- d-----w- c:\program files\iPod
    2010-07-04 03:43 . 2010-07-04 03:45 -------- d-----w- c:\program files\iTunes
    2010-07-04 03:39 . 2010-08-01 19:54 -------- d-----w- c:\program files\QuickTime
    2010-07-04 03:27 . 2010-07-04 03:27 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-01 23:16 . 2009-01-08 01:31 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-08-01 06:53 . 2009-01-10 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-01 03:47 . 2010-07-01 21:40 -------- d-----w- c:\program files\REAPER
    2010-08-01 02:27 . 2009-01-09 20:40 -------- d-----w- c:\program files\uTorrent
    2010-08-01 02:27 . 2009-01-09 20:40 -------- d-----w- c:\documents and settings\Joseph\Application Data\uTorrent
    2010-08-01 00:11 . 2009-01-08 01:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-07-30 03:20 . 2009-01-17 00:37 -------- d-----w- c:\documents and settings\Joseph\Application Data\U3
    2010-07-24 14:08 . 2010-05-10 03:34 -------- d-----w- c:\program files\Steam
    2010-07-21 04:47 . 2010-02-16 04:54 -------- d-----w- c:\documents and settings\Joseph\Application Data\ManyCam
    2010-07-10 23:07 . 2010-07-01 21:41 -------- d-----w- c:\documents and settings\Joseph\Application Data\REAPER
    2010-07-04 03:43 . 2009-01-10 01:48 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-04 03:35 . 2009-01-10 01:49 -------- d-----w- c:\program files\Bonjour
    2010-07-01 13:55 . 2009-01-09 17:02 -------- d-----w- c:\program files\2Wire
    2010-06-30 04:02 . 2009-01-08 03:21 71944 ----a-w- c:\documents and settings\Joseph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-26 00:14 . 2009-06-03 02:57 46 ----a-w- c:\documents and settings\Joseph\jagex_runescape_preferences.dat
    2010-06-26 00:13 . 2010-06-26 00:02 99 ----a-w- c:\documents and settings\Joseph\jagex_runescape_preferences2.dat
    2010-06-26 00:02 . 2010-06-26 00:02 0 ----a-w- c:\documents and settings\Joseph\jagex__preferences3.dat
    2010-06-21 05:00 . 2010-06-21 05:00 -------- d-----w- c:\program files\Conduit
    2010-06-21 04:59 . 2010-06-21 04:59 -------- d-----w- c:\program files\ARM Software
    2010-06-17 04:36 . 2010-06-17 04:36 -------- d-----w- c:\program files\Nem's Tools
    2010-06-15 18:55 . 2010-01-01 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-06-15 18:52 . 2010-01-22 17:42 -------- d-----w- c:\documents and settings\Joseph\Application Data\vlc
    2010-06-08 05:00 . 2009-01-10 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-08 04:54 . 2009-01-08 01:17 -------- d-----w- c:\program files\Microsoft Works
    2010-06-07 21:29 . 2010-06-07 21:29 -------- d-----w- c:\documents and settings\Joseph\Application Data\AdobeUM
    2010-06-07 21:27 . 2009-01-18 03:45 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-07 21:26 . 2009-01-08 01:31 -------- d-----w- c:\program files\Symantec
    2010-06-06 21:36 . 2009-01-08 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-06 21:35 . 2010-05-31 18:00 -------- d-----w- c:\program files\Opera
    2010-06-06 21:33 . 2009-03-08 04:54 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-06-06 21:33 . 2009-03-08 04:53 -------- d-----w- c:\program files\AVS4YOU
    2010-06-06 21:32 . 2009-06-02 18:53 -------- d-----w- c:\program files\Any Video Converter Professional
    2010-06-06 21:32 . 2009-06-02 18:53 -------- d-----w- c:\documents and settings\Joseph\Application Data\Any Video Converter Professional
    2010-05-23 22:50 . 2010-05-28 21:53 73216 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 21:35 . 2010-05-18 21:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .
    Code:
    <pre>
    c:\program files\BroadJump\Client Foundation\CFD .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Java\jre6\bin\jusched .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
    c:\program files\QuickTime\QTTask        .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-21 172032]
    "RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-7 50688]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
    backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Joseph^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Joseph\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 21:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]
    ikmip.dll [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-10 03:35 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/9/2009 3:13 PM 24652]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Joseph\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Joseph\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 3:19 PM 153416]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 11:39 PM 721904]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - quupcxe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{760B8973-48F7-40B2-B360-F7ABD8785E50}]
    2010-07-22 21:37 51712 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\depto.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.sbc.com/dsl
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://losthighwayrecords.fancorps.com/includes/ImageUploaderPHP/Scripts/ImageUploader6.cab
    FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedengine - Google
    FF - prefs.js: browser.startup.homepage - www.reddit.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-HookURL - (no file)
    URLSearchHooks-Rank - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-FL Studio 8 - m:\documents\Fl\uninstall.exe
    AddRemove-Legend of Zelda, The Ocarina of Time 1.10 - c:\program files\HDSoft® HDSoftCo@Gmail.com\Legend of Zelda



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-01 18:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\quupcxe]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
    @DACL=(02 0000)
    "PDVDDXSrv"="\"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe\""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange"="1"
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed"="1"
    @=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(236)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\vorbis.acm
    c:\windows\system32\sirenacm.dll
    .
    Completion time: 2010-08-01 19:02:25
    ComboFix-quarantined-files.txt 2010-08-02 00:02

    Pre-Run: 57,278,681,088 bytes free
    Post-Run: 57,238,261,760 bytes free

    - - End Of File - - 4CD86DB4707F8C7D78F5CDDEECAF06AA
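    The ComboFix log above contains four indicators that the CFScript later in the thread goes after: a proxy pointed at 127.0.0.1 (which is why IE kept opening and the updaters could not reach their servers), Run entries whose target was renamed with a space before ".exe" (the [X] entries that RenV:: restores), the deregistered driver still in memory, and the Security Center monitoring override. Here is a small triage script, added as an example and not code from the thread or from ComboFix, that reads lines in the shape of that log and reports those indicators; the sample lines are constructed from the log, and the regex names and the `triage` function are my own.

```python
"""Triage a ComboFix log for the hijack indicators seen in this thread."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample shaped like the ComboFix log posted above (not the real
# file): Reg Loading Points, in-memory drivers and the Supplementary Scan.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

--- Other Services/Drivers In Memory ---

*Deregistered* - quupcxe

uStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
FF - prefs.js: network.proxy.type - 0
"""

# [HKEY...] section header; remembered so a value can be judged by its key.
KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="target" [status]; ComboFix prints [X] when the target file is missing.
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<status>[^\]]*)\]')
# A space squeezed in before the extension, e.g. "QTTask .exe".
SPACED_EXT = re.compile(r'\s+\.(exe|com|scr|pif|dll)\b', re.IGNORECASE)
# ProxyServer = [scheme=]host:port as DDS/ComboFix print the IE setting.
PROXY = re.compile(r'ProxyServer\s*=\s*(?:(?P<scheme>\w+)=)?(?P<host>[^:\s;]+):(?P<port>\d+)')
# Driver running in memory with no service registration left behind.
DEREG = re.compile(r'^\*Deregistered\*\s*-\s*(?P<drv>\S+)')
# Security Center override that silences the "AV is off" warning.
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$')


def is_loopback(host: str) -> bool:
    """True for localhost or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = PROXY.search(line)
        if m and is_loopback(m.group("host")):
            # Browser traffic is being routed through a local listener.
            findings.append({"kind": "local_proxy",
                             "detail": f"{m.group('host')}:{m.group('port')}"})
            continue
        m = RUN_ENTRY.match(line)
        if m:
            if m.group("status") == "X" and SPACED_EXT.search(m.group("target")):
                # Legit autostart left dangling because its file was renamed.
                findings.append({"kind": "renamed_autostart", "detail": m.group("name")})
            continue
        m = DEREG.match(line)
        if m:
            findings.append({"kind": "deregistered_driver", "detail": m.group("drv")})
            continue
        if DISABLE_MON.match(line) and "security center" in current_key.lower():
            findings.append({"kind": "av_monitoring_disabled",
                             "detail": current_key.rsplit("\\", 1)[-1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:24s} {f['detail']}")
```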
     
  17. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    I don't understand why utorrent keeps popping up in these diagnostics. I uninstalled it already.

    EDIT: It was just an empty folder. Also my firewall is back up and I was able to update my spyware.

    So far so good.
     
    Last edited: 2010/08/01
  18. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Awaxanuvazijuq.dat
    c:\windows\Bvorivufep.bin
    c:\windows\system32\drivers\quupcxe.sys
    
    
    Folder::
    c:\documents and settings\Joseph\Local Settings\Application Data\tasalmviw
    c:\documents and settings\Joseph\Local Settings\Application Data\krossjcuq
    
    
    DirLook::
    c:\documents and settings\Joseph\Application Data\92761AAC7BC8227AFB0D4487BD754FCB
    
    RenV::
    c:\program files\BroadJump\Client Foundation\CFD .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Java\jre6\bin\jusched .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
    c:\program files\QuickTime\QTTask        .exe
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    
    Driver::
    quupcxe
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\quupcxe]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    ComboFix 10-07-31.04 - Joseph 08/01/2010 20:03:22.3.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.791 [GMT -5:00]
    Running from: c:\documents and settings\Joseph\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Joseph\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    FILE ::
    "c:\windows\Awaxanuvazijuq.dat "
    "c:\windows\Bvorivufep.bin "
    "c:\windows\system32\drivers\quupcxe.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Joseph\Local Settings\Application Data\krossjcuq
    c:\documents and settings\Joseph\Local Settings\Application Data\tasalmviw
    c:\windows\Awaxanuvazijuq.dat
    c:\windows\Bvorivufep.bin
    c:\windows\system32\drivers\quupcxe.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_QUUPCXE
    -------\Service_quupcxe


    ((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
    .

    2010-08-01 14:35 . 2010-08-02 00:30 63488 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-01 14:35 . 2010-08-01 14:35 52224 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-01 14:35 . 2010-08-02 00:30 117760 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com
    2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-01 14:34 . 2010-08-01 14:35 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-31 22:06 . 2010-06-01 16:44 3907584 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-07-31 22:06 . 2010-01-25 16:58 462848 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-07-31 22:06 . 2010-01-15 19:26 70984 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-07-31 22:06 . 2010-01-15 19:25 864256 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-07-31 22:06 . 2010-01-15 19:25 315392 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-07-31 22:06 . 2010-01-15 19:25 372736 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-07-31 21:58 . 2010-07-31 21:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2010-07-28 21:23 . 2010-07-28 21:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-07-28 21:23 . 2010-07-28 21:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-25 22:50 . 2010-07-25 22:50 -------- d-----w- c:\program files\Bungie
    2010-07-22 21:37 . 2010-07-23 16:46 -------- d-----w- c:\documents and settings\Joseph\Application Data\Bitrix Security
    2010-07-22 21:37 . 2010-07-22 21:37 51712 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\depto.dll
    2010-07-22 21:37 . 2010-07-22 21:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bitrix Security
    2010-07-21 17:54 . 2010-07-21 17:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
    2010-07-21 17:54 . 2010-07-21 17:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-07-21 17:24 . 2010-07-21 17:24 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-07-21 04:47 . 2010-07-21 14:08 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\ManyCam
    2010-07-21 04:47 . 2010-07-21 04:47 -------- d-----w- c:\program files\ManyCam
    2010-07-21 04:30 . 2010-07-21 04:30 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-07-21 04:19 . 2010-07-21 04:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
    2010-07-21 04:13 . 2010-07-21 04:13 -------- d-----w- c:\documents and settings\Joseph\Application Data\92761AAC7BC8227AFB0D4487BD754FCB
    2010-07-20 02:46 . 2010-07-20 02:48 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\Temp
    2010-07-11 23:27 . 2010-07-11 23:38 24 ----a-w- C:\DUKE3D.BAT
    2010-07-11 23:27 . 2010-07-11 23:27 -------- d-----w- C:\DUKE3D
    2010-07-04 03:43 . 2010-07-04 03:43 -------- d-----w- c:\program files\iPod
    2010-07-04 03:43 . 2010-07-04 03:45 -------- d-----w- c:\program files\iTunes
    2010-07-04 03:39 . 2010-08-02 01:03 -------- d-----w- c:\program files\QuickTime
    2010-07-04 03:27 . 2010-07-04 03:27 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-02 01:35 . 2009-01-08 01:31 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-08-02 01:03 . 2009-01-10 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 01:03 . 2009-01-08 01:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-08-01 03:47 . 2010-07-01 21:40 -------- d-----w- c:\program files\REAPER
    2010-08-01 02:27 . 2009-01-09 20:40 -------- d-----w- c:\documents and settings\Joseph\Application Data\uTorrent
    2010-07-30 03:20 . 2009-01-17 00:37 -------- d-----w- c:\documents and settings\Joseph\Application Data\U3
    2010-07-24 14:08 . 2010-05-10 03:34 -------- d-----w- c:\program files\Steam
    2010-07-21 04:47 . 2010-02-16 04:54 -------- d-----w- c:\documents and settings\Joseph\Application Data\ManyCam
    2010-07-10 23:07 . 2010-07-01 21:41 -------- d-----w- c:\documents and settings\Joseph\Application Data\REAPER
    2010-07-04 03:43 . 2009-01-10 01:48 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-04 03:35 . 2009-01-10 01:49 -------- d-----w- c:\program files\Bonjour
    2010-07-01 13:55 . 2009-01-09 17:02 -------- d-----w- c:\program files\2Wire
    2010-06-30 04:02 . 2009-01-08 03:21 71944 ----a-w- c:\documents and settings\Joseph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-26 00:14 . 2009-06-03 02:57 46 ----a-w- c:\documents and settings\Joseph\jagex_runescape_preferences.dat
    2010-06-26 00:13 . 2010-06-26 00:02 99 ----a-w- c:\documents and settings\Joseph\jagex_runescape_preferences2.dat
    2010-06-26 00:02 . 2010-06-26 00:02 0 ----a-w- c:\documents and settings\Joseph\jagex__preferences3.dat
    2010-06-21 05:00 . 2010-06-21 05:00 -------- d-----w- c:\program files\Conduit
    2010-06-21 04:59 . 2010-06-21 04:59 -------- d-----w- c:\program files\ARM Software
    2010-06-17 04:36 . 2010-06-17 04:36 -------- d-----w- c:\program files\Nem's Tools
    2010-06-15 18:55 . 2010-01-01 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-06-15 18:52 . 2010-01-22 17:42 -------- d-----w- c:\documents and settings\Joseph\Application Data\vlc
    2010-06-08 05:00 . 2009-01-10 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-08 04:54 . 2009-01-08 01:17 -------- d-----w- c:\program files\Microsoft Works
    2010-06-07 21:29 . 2010-06-07 21:29 -------- d-----w- c:\documents and settings\Joseph\Application Data\AdobeUM
    2010-06-07 21:27 . 2009-01-18 03:45 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-07 21:26 . 2009-01-08 01:31 -------- d-----w- c:\program files\Symantec
    2010-06-06 21:36 . 2009-01-08 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-06 21:35 . 2010-05-31 18:00 -------- d-----w- c:\program files\Opera
    2010-06-06 21:33 . 2009-03-08 04:54 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-06-06 21:33 . 2009-03-08 04:53 -------- d-----w- c:\program files\AVS4YOU
    2010-06-06 21:32 . 2009-06-02 18:53 -------- d-----w- c:\program files\Any Video Converter Professional
    2010-06-06 21:32 . 2009-06-02 18:53 -------- d-----w- c:\documents and settings\Joseph\Application Data\Any Video Converter Professional
    2010-05-23 22:50 . 2010-05-28 21:53 73216 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 21:35 . 2010-05-18 21:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\Joseph\Application Data\92761AAC7BC8227AFB0D4487BD754FCB ----



    ((((((((((((((((((((((((((((( SnapShot@2010-08-01_23.59.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-02 01:14 . 2010-08-02 01:14 16384 c:\windows\temp\Perflib_Perfdata_658.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask .exe -atboottime" [X]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-10-21 172032]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-10-28 17331200]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-7 50688]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1 "=ma_cmidn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
    backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Joseph^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Joseph\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 21:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-10 03:35 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/9/2009 3:13 PM 24652]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Joseph\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Joseph\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 3:19 PM 153416]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 11:39 PM 721904]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - PROCEXP141

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{760B8973-48F7-40B2-B360-F7ABD8785E50}]
    2010-07-22 21:37 51712 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\depto.dll
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.sbc.com/dsl
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://losthighwayrecords.fancorps.com/includes/ImageUploaderPHP/Scripts/ImageUploader6.cab
    FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedengine - Google
    FF - prefs.js: browser.startup.homepage - www.reddit.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-HookURL - (no file)
    URLSearchHooks-Rank - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-sta - ikmip.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-01 20:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D84EC5]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7614fc3
    \Driver\ACPI -> ACPI.sys @ 0xf7487cb8
    \Driver\atapi -> atapi.sys @ 0xf737d7b4
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
    ParseProcedure -> ntkrnlpa.exe @ 0x80581684
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
    ParseProcedure -> ntkrnlpa.exe @ 0x80581684
    NDIS: Intel(R) 82562V-2 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7272ba0
    PacketIndicateHandler -> NDIS.sys @ 0xf727fb21
    SendHandler -> NDIS.sys @ 0xf725d87b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
    @DACL=(02 0000)
    "PDVDDXSrv "= "\ "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe\" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange "= "1 "
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(520)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'explorer.exe'(1060)
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-01 20:39:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-02 01:39
    ComboFix2.txt 2010-08-02 00:02

    Pre-Run: 57,223,905,280 bytes free
    Post-Run: 57,226,100,736 bytes free

    - - End Of File - - E03FBC5C3BE7C7E2A7157F28D9D57D0E
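The log above and the CFScript in the previous post both turn on a handful of indicators that a triager reads straight off a ComboFix report: a browser proxy pointed at a loopback address (the `uInternet Settings,ProxyServer = http=127.0.0.1:5643` line, still present in the Supplementary Scan after the script ran, which fits the redirect symptom), Run-key entries whose target file is missing (`[X]`) or has had whitespace wedged in before `.exe` (the entries the `RenV::` section repairs), and driver entries whose file is absent on disk (`[?]`). The script below is an added example, not part of this thread and not ComboFix's own code: its regular expressions are an approximation of the log format seen above, and the sample log it parses is constructed here from that format.

```python
"""Triage a ComboFix-style log for a few browser-hijack indicators.

Added example: the regexes approximate the log format shown in the thread;
they are not ComboFix's own parser, and the sample log is constructed.
"""
import re
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # short machine-readable label
    line: str       # the log line that triggered the finding
    detail: str     # human-readable explanation


# "uInternet Settings,ProxyServer = http=127.0.0.1:5643"
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
# Run-key values: "Name"="command" [date size], or [X] when the file is missing.
# Lazy groups plus \s* tolerate the stray spaces the forum rendering puts
# before closing quotes ("Name "= "command").
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+?)\s*"\s*=\s*"(?P<cmd>[^"]*?)\s*"\s*(?P<tag>\[[^\]]*\])?')
# Service/driver lines: "S3 Name;Display;path [date size]" or "[?]" when absent.
DRIVER_RE = re.compile(
    r"^[RS]\d\s+(?P<svc>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<tag>[^\]]*)\]\s*$")
# Whitespace in front of ".exe" is the pattern the RenV:: section repairs.
RENAMED_EXE_RE = re.compile(r"\s+\.exe\b", re.IGNORECASE)


def proxy_hosts(value: str) -> list[str]:
    """Split a WinINet ProxyServer value into its hosts.

    Accepts both "host:port" and "http=host:port;https=host:port" forms.
    """
    hosts = []
    for part in value.split(";"):
        if "=" in part:                      # protocol=host:port form
            part = part.split("=", 1)[1]
        hosts.append(part.rsplit(":", 1)[0] if ":" in part else part)
    return hosts


def is_loopback(host: str) -> bool:
    return host.startswith("127.") or host.lower() == "localhost"


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; an empty list means no indicator matched."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.match(line):
            for host in proxy_hosts(m.group("value")):
                if is_loopback(host):
                    findings.append(Finding(
                        "local_proxy", line,
                        f"browser traffic is routed through a proxy on {host}"))
            continue
        if m := RUN_VALUE_RE.match(line):
            name, cmd, tag = m.group("name"), m.group("cmd"), m.group("tag") or ""
            if tag == "[X]":
                findings.append(Finding(
                    "missing_autostart_target", line,
                    f"{name}: ComboFix could not find the target file"))
            if RENAMED_EXE_RE.search(cmd):
                findings.append(Finding(
                    "renamed_executable", line,
                    f"{name}: whitespace inserted before .exe (RenV:: candidate)"))
            continue
        if (m := DRIVER_RE.match(line)) and m.group("tag") == "?":
            findings.append(Finding(
                "service_file_missing", line,
                f"{m.group('svc')}: registered driver/service whose file is absent"))
    return findings


# Constructed sample in the format of the thread's log (not a real capture).
SAMPLE_LOG = r"""
uStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
"""


def main(argv: list[str]) -> int:
    # Pass a saved ComboFix.txt as the first argument; otherwise use the sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a saved ComboFix.txt by passing the path. A loopback proxy is not proof of infection on its own (some filtering products install one), so the `local_proxy` finding is a prompt to identify which process is listening on that port and whether it was installed deliberately; likewise a `service_file_missing` entry for a driver you recognise is usually a leftover from an uninstall rather than an active threat.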
     
  20. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Restart in normal mode, delete your ComboFix file, download a fresh one and post a new log.
    It should run in normal mode now.
     
  21. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    I will do that, but real quick update. It seems whenever I go to google whatever link I click on takes me to some random website that isn't what I clicked on.
     