mal

no signs and thanks for your help. How do I uninstall sdfix?

Malwarebytes' Anti-Malware 1.33 Database version: 1718 Windows 5.1.2600 Service Pack 3 2009-02-03 17:05:50 mbam-log-2009-02-03 (17-05-50).txt Scan type: Quick Scan Objects scanned: 60048 Time elapsed: 4 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:09:59, on 2009-02-03 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LeechGet 2007\LeechGet.exe C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wscntfy.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=3081&id=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LeechGet] "C:\Program Files\LeechGet 2007\LeechGet.exe" -intray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: gwum.lnk = C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120721159640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136158358125 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 7581 bytes

o.k thanks for your help

from sdfix SDFix: Version 1.240 Run by Biff on 2009-02-02 at 11:16 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : AUTOEXEC.NT Restored from backups Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\service\30092008_TIS17_SfFniAU.log - Deleted C:\WINDOWS\system32\TFTP1968 - Deleted Folder C:\WINDOWS\system32\service - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-02 11:34:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Disabled:Neverwinter Nights" "C:\\NeverwinterNights\\NWN\\nwupdate.exe"="C:\\NeverwinterNights\\NWN\\nwupdate.exe:*:Disabled:NWN Update Program" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Finished! what is TFTP1968? and how come nothing picked up this file?

ComboFix 09-01-31.01 - Biff 2009-02-01 10:39:23.10 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.603 [GMT 11:00] Running from: c:\documents and settings\Biff\Desktop\ComboFix.exe AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) FW: COMODO Firewall *enabled* FW: Trend Micro Personal Firewall *disabled* . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_OULTRAF ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))))) . 2009-01-31 21:05 . 2009-01-31 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-31 21:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-31 21:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-31 20:40 . 2009-02-01 10:45 3,162,278 --a------ c:\windows\{00000002-00000000-00000000-00001102-00000004-00521102}.BAK 2009-01-31 20:32 . 2009-02-01 10:43 <DIR> d-------- c:\windows\system32\CatRoot2 2009-01-31 14:35 . 2009-01-31 20:35 250 --a------ c:\windows\gmer.ini 2009-01-26 12:44 . 2009-01-26 12:44 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-26 12:44 . 2009-01-26 12:44 1,409 --a------ c:\windows\QTFont.for 2009-01-26 12:41 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll 2009-01-26 12:41 . 2009-01-26 12:41 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-01-26 12:41 . 2009-01-26 12:41 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-01-24 13:35 . 2009-01-25 15:58 <DIR> d-------- C:\PAGESOFTREASURE_05 2009-01-13 17:20 . 2009-01-13 17:51 <DIR> d-------- c:\documents and settings\Biff\dwhelper 2008-12-13 20:54 . 2008-12-13 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia 2008-12-13 15:40 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll 2008-12-13 15:40 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll 2008-12-13 15:40 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys 2008-12-10 15:13 . 2009-01-31 18:10 <DIR> d-------- c:\program files\PeerGuardian2 2008-12-10 11:01 . 2009-01-09 20:30 <DIR> d-------- c:\documents and settings\Biff\Application Data\uTorrent 2008-12-09 18:59 . 2008-12-09 19:00 <DIR> d-------- c:\documents and settings\Biff\Application Data\vlc 2008-12-05 13:32 . 2008-12-05 13:28 410,984 --a------ c:\windows\system32\deploytk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-31 10:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-31 10:54 --------- d-----w c:\program files\SpywareBlaster 2009-01-31 05:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-30 04:10 --------- d-----w c:\program files\a-squared Free 2009-01-29 22:33 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-01-27 04:44 --------- d-----w c:\program files\VideoReDoPlus 2009-01-24 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-01-22 01:19 --------- d-----w c:\program files\SUPERAntiSpyware 2009-01-15 08:52 --------- d-----w c:\documents and settings\Biff\Application Data\GrabIt 2008-12-27 06:29 --------- d-----w c:\program files\CCleaner 2008-12-13 18:18 --------- d-----w c:\program files\Nokia 2008-12-13 18:18 --------- d-----w c:\program files\Common Files\Nokia 2008-12-13 04:38 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-04 11:03 --------- d-----w c:\documents and settings\Biff\Application Data\Nokia Multimedia Player 2008-12-04 03:30 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys 2007-10-08 06:33 8 ----a-w c:\documents and settings\Biff\Application Data\usb.dat.bin 2007-02-14 03:23 87,608 ----a-w c:\documents and settings\Biff\Application Data\ezpinst.exe 2007-02-14 03:23 47,360 ----a-w c:\documents and settings\Biff\Application Data\pcouffin.sys 2008-09-17 07:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091720080918\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-22 1830128] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "LeechGet"="c:\program files\LeechGet 2007\LeechGet.exe" [2007-05-31 742912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "PaperPort PTD"="c:\progra~1\scansoft\paperp~1\pptd40nt.exe" [2001-04-03 26624] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-07-25 1043968] "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024] "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-04 1797880] "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-04 1797880] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE] "nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Start Menu\Programs\Startup\ gwum.lnk - c:\program files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe [2004-09-17 475136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-01 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-01-04 09:57 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ctmp3"= c:\windows\system32\ctmp3.acm "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\NeverwinterNights\\NWN\\nwmain.exe"= "c:\\NeverwinterNights\\NWN\\nwupdate.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-10-01 101776] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-10-01 31504] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 55024] R3 CXAVSAUD;FusionHDTV 880, WDM Audio Capture;c:\windows\system32\drivers\zl88aud.sys [2008-10-23 9216] R3 MarkFun_NT;MarkFun_NT;c:\program files\GigaByte\Gigabyte Windows Utility Manager\MARKFUN.W32 [2004-09-17 8236] R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-09-18 333328] R3 Zulu88BDA;FusionHDTV 88x, BDA DVB Tuner/Demod;c:\windows\system32\drivers\zl88bda.sys [2008-10-23 168320] R3 Zulu88Ts;FusionHDTV 88x, BDA Receiver(DVB-T);c:\windows\system32\drivers\zl88tcap.sys [2008-10-23 19200] R4 cx88xbar;FusionHDTV 88x, WDM Crossbar;c:\windows\system32\drivers\zl88xbar.sys [2008-10-23 10368] R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-09-18 36368] R4 Zulu88Tune;FusionHDTV 88x, WDM Tuner(DVBT-Hybrid1);c:\windows\system32\drivers\zl88tune.sys [2008-10-23 167424] R4 Zulu88Vid;FusionHDTV 88x, WDM Video Capture;c:\windows\system32\drivers\zl88vcap.sys [2008-10-23 189312] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-07-26 2944] S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2006-07-26 3168] S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2006-07-26 39552] S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys --> c:\windows\system32\drivers\cmudax.sys [?] S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~2\TmPfw.exe [2008-10-01 488768] S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-10-01 648456] S4 BT848;FusionHDTV, WDM Video Capture;c:\windows\system32\drivers\ZuluVcap.sys [2008-10-23 62208] S4 BT878;FusionHDTV, BDA Receiver(ATSC-A);c:\windows\system32\drivers\ZuluTcap.sys [2008-10-23 26112] S4 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe --> c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [?] S4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-10-01 52240] S4 ZuluTune;FusionHDTV, WDM Tuner(DVB-T1) ;c:\windows\system32\drivers\ZuluTune.sys [2008-10-23 222592] S4 zuluxbar;FusionHDTV, WDM Crossbar (Tuner/SVHS/Video);c:\windows\system32\drivers\ZuluXbar.sys [2008-10-23 9728] . Contents of the 'Scheduled Tasks' folder 2009-01-28 c:\windows\Tasks\Temp.job - c:\windows\Temp [2009-02-01 10:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://login.passport.net/uilogin.srf?lc=3081&id=2 IE: ?? FlashGet ?? IE: ???? FlashGet ?? IE: Download using LeechGet - file://c:\program files\LeechGet 2007\\AddUrl.html IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2007\\Wizard.html IE: Parse with LeechGet - file://c:\program files\LeechGet 2007\\Parser.html IE: ?? FlashGet ?? - c:\program files\FlashGet\jc_link.htm IE: ???? FlashGet ?? - c:\program files\FlashGet\jc_all.htm FF - ProfilePath - c:\documents and settings\Biff\Application Data\Mozilla\Firefox\Profiles\l9v7ycd7.default\ FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/ FF - prefs.js: network.proxy.http - proxy2.tpgi.com.au FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLeechGet.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 10:45:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MarkFun_NT] "ImagePath"="\??\c:\program files\GigaByte\Gigabyte Windows Utility Manager\markfun.w32" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-436374069-1417001333-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:77,d7,29,c4,f9,87,4a,a8,64,ab,0c,7a,70,c5,2d,97,21,3f,e6,04,96,e6,af, 09,b3,dd,64,db,13,4a,84,51,1e,3b,38,2d,e1,f8,b1,b9,02,d5,18,74,70,5c,6d,1e,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(504) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\a-squared Free\a2service.exe c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe c:\program files\COMODO\Firewall\cmdagent.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\rundll32.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe c:\windows\system32\wscntfy.exe c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe . ************************************************************************** . Completion time: 2009-02-01 10:49:05 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-31 23:49:02 Pre-Run: 33,319,735,296 bytes free Post-Run: 33,301,323,776 bytes free 207 --- E O F --- 2009-01-13 22:21:59 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:56:10, on 2009-02-01 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\Internet Security\UfNavi.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=3081&id=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LeechGet] "C:\Program Files\LeechGet 2007\LeechGet.exe" -intray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: gwum.lnk = C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120721159640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136158358125 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 7646 bytes

Malwarebytes' Anti-Malware 1.33 Database version: 1712 Windows 5.1.2600 Service Pack 3 2009-01-31 21:10:59 mbam-log-2009-01-31 (21-10-59).txt Scan type: Quick Scan Objects scanned: 58818 Time elapsed: 3 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:24:04, on 2009-01-31 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LeechGet 2007\LeechGet.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wscntfy.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=3081&id=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LeechGet] "C:\Program Files\LeechGet 2007\LeechGet.exe" -intray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: gwum.lnk = C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120721159640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136158358125 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 8319 bytes

malwarebytes and spyware blaster cannot install getting runtime error 0 and 440. cannot uninstall gmer as well.

o.k thanks for your help

here is the file gmer zip thanks for your reply. gmerlog.zip.zip gmerlog.zip.zip

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:07:52, on 2009-01-29 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LeechGet 2007\LeechGet.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=3081&id=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LeechGet] "C:\Program Files\LeechGet 2007\LeechGet.exe" -intray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: gwum.lnk = C:\Program Files\GigaByte\Gigabyte Windows Utility Manager\gwum.exe O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120721159640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136158358125 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 8307 bytes syperantispyware picked this up but trend antivirus did not. malwarebytes is not working and have gmer and rsit installed but gmer picked up nothing.

hello got runtime error 440 and 0 today for malwarebytes. installed rsit and gmer before. Gmer picked up nothing. however getting this runtime error after installing gmer and rsit. How do i uninstall gmer and rsit and unsure if still have adware. before malwarebytes,spybot,antivirus picked up nothing.