Background Ads (Sound) (In Progress)

Drewmanji
29-Jul-2010, 02:53 AM #1
Background Ads (Sound)
Been having a great deal of background ads (all sound for the most part) over the last day and a half, and to no avail of fixing it with the basic stuff. Going a step further before it gets too out of hand.

Went through a few threads and got some logs ready to go...

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:45 AM, on 7/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Drew
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5111/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetTwo2\ComUtilities.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 7552 bytes


MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4365

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/29/2010 12:19:19 AM
mbam-log-2010-07-29 (00-19-19).txt

Scan type: Quick scan
Objects scanned: 154019
Time elapsed: 14 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Drew\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MBR Check

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size    Device Name          MBR Status
--------------------------------------------
465 GB  \\.\PhysicalDrive0   Unknown MBR code

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! Press ENTER to exit...


GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 23:50:28
Windows 5.1.2600 Service Pack 2
Running: h0cdwnv1.exe; Driver: C:\DOCUME~1\Drew\LOCALS~1\Temp\kftdapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB3E53CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB3E53B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB3E54142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB3E5406C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB3E53764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB3E53C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB3E536A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB3E53708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB3E53D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB3E54210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB3E53D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB3E53EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB3E60B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB3E609C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB3E60AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 80582DFE 7 Bytes JMP B3E60AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A9DEE 7 Bytes JMP B3E609C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP B3E5C5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP B3E5DF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP B3E60BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BFB3A0, 0x592C35, 0xE8000020]
init C:\WINDOWS\system32\drivers\p17xfilt.sys entry point in "init" section [0xB68FBEB0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5832] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5772


DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Drew at 23:42:50.46 on Wed 07/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.797 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB300N\WLService.exe
svchost.exe 4
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Drew\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uWindow Title = Drew
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [NudgeMania] c:\program files\nudgemania\NudgeMania.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\drew\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\drew\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnettwo2\ComUtilities.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\drew\applic~1\mozilla\firefox\profiles\6zwid6id.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.epitome-guild.com/forum.php
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\drew\application data\mozilla\firefox\profiles\6zwid6id.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-28 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-28 165456]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-15 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-15 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-7-27 13696]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-1-9 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-28 40384]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-15 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-15 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2010-6-2 53307]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-28 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-28 38224]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-28 40384]
S3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]

=============== Created Last 30 ================

2010-07-29 04:22:19 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-29 03:21:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-29 01:58:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-29 01:58:01 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-29 01:34:48 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-29 01:34:22 0 d-----w- c:\program files\Lavasoft
2010-07-28 21:56:44 38848 ----a-w- c:\windows\avastSS.scr
2010-07-28 21:56:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-28 21:08:44 0 d-sh--w- c:\documents and settings\drew\PrivacIE
2010-07-28 13:47:51 0 d-----w- c:\docume~1\drew\applic~1\Malwarebytes
2010-07-28 13:47:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 13:47:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-28 13:47:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 13:47:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 13:37:02 0 d-----w- c:\program files\Trend Micro
2010-07-28 04:12:51 0 d-sh--w- c:\documents and settings\drew\IETldCache
2010-07-28 01:43:39 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-07-28 01:43:39 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-07-28 01:43:39 68608 ----a-w- c:\windows\system32\plugin.ocx
2010-07-28 01:43:39 68608 ----a-w- c:\windows\system32\dllcache\plugin.ocx
2010-07-28 01:13:02 0 d--h--w- c:\windows\$hf_mig$
2010-07-27 05:35:51 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 05:35:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-20 07:49:25 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-20 07:49:18 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-20 07:49:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-20 07:49:18 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-07-20 07:47:17 0 d-----w- c:\windows\system32\appmgmt

==================== Find3M ====================

2010-07-27 05:54:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-27 05:54:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-27 05:54:14 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 18:19:44 95492 ----a-w- c:\windows\fonts\DraconianTypewritter001.ttf
2010-07-14 16:31:58 26372 ----a-w- c:\windows\fonts\CONFUSION GIRL.ttf
2010-06-07 23:57:00 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-07 23:57:00 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57:00 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 22:34:52 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-07 22:34:42 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-07 22:34:42 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 22:34:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 22:34:40 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-07 22:34:40 145000 ----a-w- c:\windows\system32\nvcolor.exe

============= FINISH: 23:43:54.53 ===============


ATTACH.TXT from DDS


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2010 11:46:10 PM
System Uptime: 7/28/2010 11:03:27 PM (0 hours ago)

Motherboard: BIOSTAR Group | | T41 HD
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 2331/333mhz
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 2331/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 410.294 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_820F1565&REV_01\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_820F1565&REV_01\3&11583659&0&D8
Service:

Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_23091565&REV_03\4&293AFFCC&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_23091565&REV_03\4&293AFFCC&0&00E0
Service:

==== System Restore Points ===================

RP114: 4/30/2010 8:59:10 AM - System Checkpoint
RP115: 4/30/2010 9:50:25 PM - Removed Bloodline Champions Beta
RP116: 4/30/2010 9:53:12 PM - Installed Bloodline Champions Beta
RP117: 5/2/2010 5:03:29 AM - System Checkpoint
RP118: 5/3/2010 5:39:42 AM - System Checkpoint
RP119: 5/4/2010 6:38:37 AM - System Checkpoint
RP120: 5/5/2010 6:52:03 AM - System Checkpoint
RP121: 5/6/2010 7:17:00 AM - System Checkpoint
RP122: 7/27/2009 1:07:23 AM - Avg8 Update
RP123: 7/27/2009 1:14:38 AM - Avg Update
RP124: 7/28/2009 1:18:41 PM - System Checkpoint
RP125: 7/27/2009 4:40:36 AM - System Checkpoint
RP126: 7/28/2009 7:20:40 AM - System Checkpoint
RP127: 7/29/2009 8:36:43 AM - System Checkpoint
RP128: 7/29/2009 6:38:17 PM - Logitech Webcam Software v12.10.1110
RP129: 7/27/2009 12:14:05 AM - Installed Windows XP KB916089.
RP130: 7/27/2009 12:14:34 AM - Installed Logitech High Quality Video.
RP131: 5/15/2010 7:47:04 PM - System Checkpoint
RP132: 5/17/2010 9:25:34 AM - System Checkpoint
RP133: 5/18/2010 9:49:44 AM - System Checkpoint
RP134: 5/19/2010 11:13:30 AM - System Checkpoint
RP135: 5/20/2010 11:50:44 AM - System Checkpoint
RP136: 5/22/2010 1:34:50 PM - System Checkpoint
RP137: 5/23/2010 1:50:45 PM - System Checkpoint
RP138: 5/24/2010 5:04:47 PM - System Checkpoint
RP139: 5/26/2010 7:38:17 AM - System Checkpoint
RP140: 5/27/2010 7:52:56 AM - System Checkpoint
RP141: 5/28/2010 1:42:17 PM - System Checkpoint
RP142: 5/29/2010 4:48:22 PM - System Checkpoint
RP143: 5/30/2010 5:05:59 PM - System Checkpoint
RP144: 6/1/2010 4:29:14 AM - System Checkpoint
RP145: 6/2/2010 5:07:07 AM - System Checkpoint
RP146: 6/3/2010 5:11:29 AM - System Checkpoint
RP147: 6/4/2010 5:23:04 AM - System Checkpoint
RP148: 6/5/2010 6:14:05 AM - System Checkpoint
RP149: 6/6/2010 7:14:05 AM - System Checkpoint
RP150: 6/7/2010 7:15:15 AM - System Checkpoint
RP151: 6/8/2010 7:30:02 AM - System Checkpoint
RP152: 6/9/2010 8:21:20 AM - System Checkpoint
RP153: 6/10/2010 9:16:19 AM - System Checkpoint
RP154: 6/11/2010 10:16:17 AM - System Checkpoint
RP155: 6/12/2010 4:40:28 PM - System Checkpoint
RP156: 6/14/2010 5:05:15 AM - System Checkpoint
RP157: 6/15/2010 5:18:20 AM - System Checkpoint
RP158: 6/16/2010 5:19:25 AM - System Checkpoint
RP159: 6/17/2010 5:22:17 AM - System Checkpoint
RP160: 6/18/2010 6:22:17 AM - System Checkpoint
RP161: 6/19/2010 6:23:25 AM - System Checkpoint
RP162: 6/20/2010 7:23:26 AM - System Checkpoint
RP163: 6/21/2010 7:24:36 AM - System Checkpoint
RP164: 6/22/2010 8:24:36 AM - System Checkpoint
RP165: 6/23/2010 9:44:07 AM - System Checkpoint
RP166: 6/24/2010 10:25:10 AM - System Checkpoint
RP167: 6/25/2010 11:19:58 AM - System Checkpoint
RP168: 6/26/2010 12:07:21 PM - System Checkpoint
RP169: 6/27/2010 10:07:54 PM - System Checkpoint
RP170: 6/29/2010 1:47:32 AM - System Checkpoint
RP171: 6/30/2010 2:26:31 AM - System Checkpoint
RP172: 7/1/2010 2:48:04 AM - System Checkpoint
RP173: 7/2/2010 3:48:04 AM - System Checkpoint
RP174: 7/3/2010 3:49:12 AM - System Checkpoint
RP175: 7/4/2010 4:01:12 AM - System Checkpoint
RP176: 7/5/2010 4:50:18 AM - System Checkpoint
RP177: 7/6/2010 5:33:47 AM - System Checkpoint
RP178: 7/7/2010 5:39:56 AM - System Checkpoint
RP179: 7/8/2010 5:40:25 AM - System Checkpoint
RP180: 7/9/2010 5:55:55 AM - System Checkpoint
RP181: 7/10/2010 6:41:29 AM - System Checkpoint
RP182: 7/27/2009 12:21:47 PM - System Checkpoint
RP183: 7/28/2009 12:50:13 PM - System Checkpoint
RP184: 7/29/2009 1:50:13 PM - System Checkpoint
RP185: 7/13/2010 4:43:58 PM - System Checkpoint
RP186: 7/14/2010 5:36:31 PM - System Checkpoint
RP187: 7/16/2010 1:24:23 AM - System Checkpoint
RP188: 7/17/2010 1:47:06 AM - System Checkpoint
RP189: 7/18/2010 2:47:06 AM - System Checkpoint
RP190: 7/19/2010 3:47:06 AM - System Checkpoint
RP191: 7/20/2010 4:42:46 AM - System Checkpoint
RP192: 7/21/2010 4:51:10 AM - System Checkpoint
RP193: 7/22/2010 4:56:32 AM - System Checkpoint
RP194: 7/23/2010 5:56:29 AM - System Checkpoint
RP195: 7/24/2010 7:47:10 PM - System Checkpoint
RP196: 7/26/2010 5:36:33 AM - System Checkpoint
RP197: 7/27/2010 12:53:02 AM - Configured AVG Free 9.0
RP198: 7/27/2010 1:08:29 AM - Avg Update
RP199: 7/27/2010 8:13:14 PM - Installed Windows XP KB932823-v3.
RP200: 7/27/2010 8:45:13 PM - Installed Windows Internet Explorer 8.
RP201: 7/28/2010 4:20:03 PM - Removed Skype Toolbars
RP202: 7/28/2010 4:56:37 PM - avast! Free Antivirus Setup
RP203: 7/28/2010 5:30:39 PM - Restore Operation
RP204: 7/28/2010 11:21:19 PM - Installed Java(TM) 6 Update 21

==== Installed Programs ======================

Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Fireworks CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
AIM 7
AIM Search
AIM Toolbar
Akamai NetSession Interface
Apple Application Support
Apple Software Update
AutoIt v3.3.4.0
avast! Free Antivirus
AVG Free 9.0
BitTorrent
Bloodline Champions Beta
Creative Audio Console
Creative Software AutoUpdate
DH Driver Cleaner Professional Edition
DivX Setup
Download Updater (AOL LLC)
Driver Manager v1.02
Driver Reviver
Driver Sweeper 2.1.0
EVGA Precision 1.9.1
GOM Player
Google Talk (remove only)
Heroes of Newerth
HijackThis 2.0.2
Hotfix for Windows XP (KB916089)
Java Auto Updater
Java(TM) 6 Update 21
LimeWire 5.4.6
Linksys Wireless-N USB Network Adapter WUSB300N
Logitech High Quality Video
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 6.0 Parser (KB933579)
NavNet
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
Nvidia Omega Drivers v2.169.21 Setup Files
NVIDIA PhysX
QuickTime
Segoe UI
Skype™ 4.2
Spybot - Search & Destroy
System Requirements Lab
Update for Windows XP (KB932823-v3)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III: All Products
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Logs Client
Wurm Online 2.7.1d
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

7/28/2010 5:32:13 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804fec8c.
7/28/2010 5:32:08 PM, error: System Error [1003] - Error code 10000050, parameter1 e462c000, parameter2 00000000, parameter3 805812a9, parameter4 00000001.
7/28/2010 5:09:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi AvgLdx86 AvgMfx86 AvgTdiX BIOS Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/28/2010 2:52:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/28/2010 2:52:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/28/2010 2:51:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX BIOS Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/28/2010 2:51:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2010 2:51:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2010 2:51:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2010 2:51:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2010 2:25:56 PM, error: Service Control Manager [7031] - The WUSB300NSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/27/2010 12:21:10 AM, error: Service Control Manager [7000] - The AVG9IDSAgent service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
dvk01
Moderator & Malware Removal Specialist with 37,223 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Jul-2010, 07:18 AM #2
This is a beta version of ComboFix that will hopefully cure this, but it isn't guaranteed to.
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
Drewmanji
Junior Member with 4 posts.
Join Date: Jul 2010
29-Jul-2010, 09:25 AM #3
Did this just before work, will not be able to watch to see what happens (8 hr work day incoming). However, here is the log. Thank you for the quick response, hopefully this fixed it!

ComboFix 10-07-27.04 - Drew 07/29/2010 7:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1531 [GMT -5:00]
Running from: c:\documents and settings\Drew\My Documents\Downloads\wCFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
C:\test.txt

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-29 06:39 . 2010-07-29 06:40 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-29 06:38 . 2010-07-29 06:38 -------- d-----w- C:\1e3ba4bc59136b38c458606de44f24
2010-07-29 04:22 . 2010-07-29 04:22 503808 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b024842-n\msvcp71.dll
2010-07-29 04:22 . 2010-07-29 04:22 499712 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b024842-n\jmc.dll
2010-07-29 04:22 . 2010-07-29 04:22 348160 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b024842-n\msvcr71.dll
2010-07-29 04:22 . 2010-07-29 04:22 -------- d-----w- c:\program files\Common Files\Java
2010-07-29 04:22 . 2010-07-29 04:22 61440 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66c8c267-n\decora-sse.dll
2010-07-29 04:22 . 2010-07-29 04:22 12800 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66c8c267-n\decora-d3d.dll
2010-07-29 04:22 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-29 03:21 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-29 01:58 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-29 01:58 . 2010-07-29 01:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-29 01:35 . 2010-07-29 01:35 -------- d-----w- c:\documents and settings\Drew\Local Settings\Application Data\Sunbelt Software
2010-07-29 01:34 . 2010-07-29 01:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-29 01:34 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-29 01:34 . 2010-07-29 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-29 01:34 . 2010-07-29 01:34 -------- d-----w- c:\program files\Lavasoft
2010-07-28 21:57 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-28 21:57 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-28 21:56 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-28 21:56 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-28 21:56 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-28 21:56 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-28 21:56 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-28 21:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-28 21:56 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-28 21:56 . 2010-07-28 21:56 -------- d-----w- c:\program files\Alwil Software
2010-07-28 21:56 . 2010-07-28 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-28 21:08 . 2010-07-28 21:08 -------- d-sh--w- c:\documents and settings\Drew\PrivacIE
2010-07-28 20:52 . 2010-07-28 20:52 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-28 19:51 . 2010-07-28 19:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-07-28 13:47 . 2010-07-28 13:47 -------- d-----w- c:\documents and settings\Drew\Application Data\Malwarebytes
2010-07-28 13:47 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 13:47 . 2010-07-28 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-28 13:47 . 2010-07-28 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 13:47 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 13:37 . 2010-07-28 13:37 -------- d-----w- c:\program files\Trend Micro
2010-07-28 04:13 . 2010-07-28 04:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-28 04:13 . 2010-07-28 04:13 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-28 04:13 . 2010-07-28 04:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AIM Toolbar
2010-07-28 04:13 . 2010-07-28 04:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-28 04:13 . 2010-07-28 04:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-28 04:12 . 2010-07-28 04:12 -------- d-sh--w- c:\documents and settings\Drew\IETldCache
2010-07-28 01:43 . 2010-01-09 22:19 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-07-28 01:43 . 2010-01-09 22:19 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-07-28 01:13 . 2010-07-29 06:39 -------- d--h--w- c:\windows\$hf_mig$
2010-07-27 06:08 . 2010-07-27 06:08 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-27 06:08 . 2010-07-27 06:08 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-27 06:08 . 2010-07-27 06:08 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-27 06:08 . 2010-07-27 06:08 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-27 06:08 . 2010-07-27 06:08 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-27 05:35 . 2010-07-27 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-27 05:35 . 2010-07-27 05:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 05:10 . 2010-07-27 05:56 -------- d-----w- c:\documents and settings\Drew\Local Settings\Application Data\wxqcsuvcb
2010-07-20 19:15 . 2010-07-20 19:15 -------- d-----w- c:\documents and settings\Drew\Local Settings\Application Data\Mumble
2010-07-20 07:49 . 2010-07-20 07:49 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-20 07:49 . 2010-07-20 07:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-20 07:49 . 2010-07-20 07:49 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 12:20 . 2010-05-21 20:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-29 12:03 . 2010-03-13 10:14 -------- d-----w- c:\documents and settings\Drew\Application Data\Skype
2010-07-29 06:42 . 2010-03-13 10:15 -------- d-----w- c:\documents and settings\Drew\Application Data\skypePM
2010-07-29 06:42 . 2010-02-08 20:56 -------- d-----w- c:\documents and settings\Drew\Application Data\LimeWire
2010-07-29 04:21 . 2010-01-22 03:19 -------- d-----w- c:\program files\Java
2010-07-28 22:25 . 2010-03-13 10:13 -------- d-----r- c:\program files\Skype
2010-07-28 01:43 . 2010-01-10 08:43 -------- d-----w- c:\program files\World of Warcraft
2010-07-27 05:55 . 2010-01-15 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-27 05:54 . 2010-01-15 13:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-27 05:54 . 2010-01-15 13:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-27 05:54 . 2010-01-15 13:29 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-27 05:54 . 2010-01-15 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-23 06:05 . 2010-01-10 16:32 15464 ----a-w- c:\documents and settings\Drew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 07:47 . 2010-01-10 07:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-20 07:43 . 2010-01-10 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-13 21:48 . 2010-06-11 08:31 -------- d-----w- c:\program files\Google
2010-06-27 14:05 . 2009-07-29 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-06-22 18:04 . 2010-01-10 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-20 19:50 . 2010-06-11 08:37 -------- d-----w- c:\documents and settings\Drew\Application Data\DivX
2010-06-19 23:29 . 2010-01-26 08:36 -------- d-----w- c:\documents and settings\Drew\Application Data\BitTorrent
2010-06-19 00:34 . 2010-06-19 00:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 20:52 . 2010-06-11 20:52 -------- d-----w- c:\documents and settings\Drew\Application Data\nswb
2010-06-11 16:10 . 2010-06-11 16:10 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-11 08:38 . 2010-06-11 08:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-11 08:38 . 2010-06-11 08:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-11 08:38 . 2010-06-11 08:30 -------- d-----w- c:\program files\DivX
2010-06-11 08:38 . 2010-06-11 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-11 08:38 . 2010-06-11 08:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-11 08:38 . 2010-06-11 08:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-11 08:30 . 2010-06-11 08:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-11 08:30 . 2010-06-11 08:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-07 23:57 . 2009-07-27 05:16 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57 . 2009-07-27 05:16 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57 . 2009-07-27 05:16 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2009-07-27 05:16 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2009-07-27 05:16 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2009-07-27 05:16 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57 . 2009-07-27 05:16 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2009-07-27 05:16 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2009-07-27 05:16 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-07 23:57 . 2009-07-27 05:16 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2009-07-27 05:16 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2009-07-27 05:16 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 22:34 . 2010-06-07 22:34 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-07 22:34 . 2010-06-07 22:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-07 22:34 . 2010-06-07 22:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 22:34 . 2010-06-07 22:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 22:34 . 2010-06-07 22:34 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-07 22:34 . 2010-06-07 22:34 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-06-03 06:57 . 2010-06-03 06:56 317440 ----a-w- c:\documents and settings\Drew\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-06-02 19:10 . 2010-01-10 06:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 19:10 . 2010-06-02 19:10 -------- d-----w- c:\program files\Linksys
2010-06-02 19:10 . 2010-06-02 19:10 -------- d-----w- c:\documents and settings\Drew\Application Data\InstallShield
2010-05-25 02:32 . 2010-05-25 02:32 31232 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-38b91708-2.3.0--n\jinput-dx8.dll
2010-05-25 02:32 . 2010-05-25 02:32 29696 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-38b91708-2.3.0--n\jinput-raw.dll
2010-05-25 02:32 . 2010-05-25 02:32 237568 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-38b91708-2.3.0--n\lwjgl.dll
2010-05-25 02:32 . 2010-05-25 02:32 108032 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-38b91708-2.3.0--n\OpenAL32.dll
2010-05-25 02:32 . 2010-05-25 02:32 20480 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\20\68ca514-5b9143fa-1.0b06--n\gluegen-rt.dll
2010-05-25 02:32 . 2010-05-25 02:32 315392 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-2d53c556-1.1.1--n\jogl.dll
2010-05-25 02:32 . 2010-05-25 02:32 20480 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-2d53c556-1.1.1--n\jogl_awt.dll
2010-05-25 02:32 . 2010-05-25 02:32 114688 ----a-w- c:\documents and settings\Drew\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-2d53c556-1.1.1--n\jogl_cg.dll
2010-05-21 21:28 . 2010-05-22 01:46 38784 ----a-w- c:\documents and settings\Drew\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2009-12-01 3951976]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-27 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\documents and settings\Drew\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-27 05:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/28/2010 8:58 PM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/28/2010 4:57 PM 165456]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/15/2010 8:29 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/15/2010 8:29 AM 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/27/2009 12:21 AM 13696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/9/2010 5:20 PM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/28/2010 4:57 PM 17744]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/15/2010 8:29 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/15/2010 8:29 AM 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1352832]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/2/2010 2:10 PM 53307]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-07-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-DREWSKI-Drew.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-21 23:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Drew\Application Data\Mozilla\Firefox\Profiles\6zwid6id.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.epitome-guild.com/forum.php
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Drew\Application Data\Mozilla\Firefox\Profiles\6zwid6id.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-NudgeMania - c:\program files\NudgeMania\NudgeMania.exe
AddRemove-Driver Reviver - c:\program files\ReviverSoft\Driver Reviver\uninst.exe
AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 07:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,da,d6,e9,5f,7c,b7,47,b8,b1,29, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,da,d6,e9,5f,7c,b7,47,b8,b1,29, \
.
Completion time: 2010-07-29 07:22:17
ComboFix-quarantined-files.txt 2010-07-29 12:22

Pre-Run: 441,765,793,792 bytes free
Post-Run: 442,180,374,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FA7F4DA9FBFEA3F4B6594BE506F35F1D
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Jul-2010, 09:52 AM #4
Download the attached CFScript.txt and save it to the same place as you saved ComboFix (downloads folder).
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Jul-2010, 10:07 AM #5
Before you do that though, you have 3 antiviruses installed: AVG, Avast & MSE. Decide which ONE you want & uninstall the other 2.
Drewmanji's Avatar
Junior Member with 4 posts.
 
Join Date: Jul 2010
29-Jul-2010, 06:50 PM #6
Just got home, did what you said with the antivirus programs.

Ran the script as directed, got a BSOD (IRQL_NOT_LESS_OR_EQUAL).

Rebooted back up, the script has disappeared from my folder.

What would you like me to do?
Drewmanji's Avatar
Junior Member with 4 posts.
 
Join Date: Jul 2010
29-Jul-2010, 11:14 PM #7
Just an update, no problems at all so far since doing all of this, looks golden. Thank you for the help!
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
30-Jul-2010, 04:27 AM #8
Post the new ComboFix log please so we can see what else might need doing.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.