
Frequent BSOD's and stalled start-ups



I was re-directed here from:

previous attempt

to fix a possible problem with my computer. I have noticed that my computer has been stalling upon start-up and there have been random blue screens (mainly DRIVER_IRQL_NOT_LESS_OR_EQUAL).

Can someone look at this log and let me know if there is something I can do? If it's just my computer being stupid, can someone let me know if there is anything I can do to possibly increase my start-up speed (other than more RAM/removing shortcuts)? I have disabled a bunch of crap start-ups, which I triple-checked online before messing with them in msconfig many months ago.

I did see IE7 Grab and Drag in the log file, which I thought I removed a while ago. Is there any way I can get rid of this for sure this time around?

Many thanks!

PS: I do MWB scans weekly so I don't think it's an infestation, and I am aware that I have avast and AntiVir operating at the same time. I removed AVG since it was a complete resource hog and I'm sick of it. Meanwhile these two have been keeping me really safe.

hijackthis2_23_10.txt


  • Staff

Hi and welcome to Malwarebytes.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post both logs (do not attach them).

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317


Thanks.

Here is the DDS report:

DDS (Ver_09-12-01.01) - NTFSx86

Run by Robert Baron at 18:29:37.59 on Sun 03/07/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1464 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 100307-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Razer\Lachesis\razerhid.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Razer\Lachesis\OSD.exe

C:\Program Files\Razer\Lachesis\razertra.exe

C:\Program Files\Razer\Lachesis\razerofa.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Robert Baron\Desktop\DL's\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mURLSearchHooks: H - No File

BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"

mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"

mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\robert~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll

IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert~1\applic~1\mozilla\firefox\profiles\5tmcmz2o.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 114768]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-19 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 66632]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-19 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-19 185089]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-20 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-20 138680]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-19 56816]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-26 12672]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-20 352920]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-6-27 12032]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2010-1-2 14856]

S1 atmunii;atmunii;c:\windows\system32\drivers\atmunii.sys --> c:\windows\system32\drivers\atmunii.sys [?]

S2 984251A3633B44F4;984251A3633B44F4;\??\c:\documents and settings\robert baron\984251a3633b44f4\984251a3633b44f4 --> c:\documents and settings\robert baron\984251a3633b44f4\984251A3633B44F4 [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-7-19 16512]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-20 254040]

S3 cpuz130;cpuz130;\??\c:\docume~1\robert~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\robert~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-8-14 36928]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

=============== Created Last 30 ================

2010-03-07 15:57:53 0 d-----w- c:\program files\common files\Futuremark Shared

2010-03-06 00:58:41 0 d-----w- C:\Fraps

2010-03-04 09:26:04 86016 ----a-w- c:\windows\system32\frapsvid.dll

2010-03-03 03:44:25 249856 ----a-w- c:\windows\system32\Lachesis.cpl

2010-03-03 03:00:00 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-02-27 03:15:30 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM

2010-02-27 03:15:18 0 d-----w- c:\program files\AIM

2010-02-27 03:15:16 0 d-----w- c:\program files\common files\Software Update Utility

2010-02-27 01:33:20 0 d-----w- c:\windows\system32\scripting

2010-02-27 01:33:20 0 d-----w- c:\windows\system32\en

2010-02-27 01:33:20 0 d-----w- c:\windows\system32\bits

2010-02-27 01:33:20 0 d-----w- c:\windows\l2schemas

2010-02-26 16:49:06 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2010-02-26 16:49:05 0 d-----w- c:\program files\CPUID

2010-02-26 16:39:16 0 d-----w- c:\windows\Performance

2010-02-26 16:38:57 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2010-02-22 04:35:16 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-02-22 04:35:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-02-22 04:35:16 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-02-22 04:35:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-02-22 04:35:16 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-02-22 04:34:58 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-02-22 04:34:30 66714 ----a-w- c:\windows\system32\NvwsApps.xml

2010-02-22 04:34:30 272187 ----a-w- c:\windows\system32\NvApps.xml

2010-02-06 21:24:35 0 d-----w- c:\docume~1\robert~1\applic~1\Bioshock2

2010-02-06 21:20:18 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM

2010-02-06 21:18:48 0 d-----w- c:\windows\system32\xlive

2010-02-06 21:18:47 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-02-06 21:07:19 0 d-----w- c:\program files\2K Games

==================== Find3M ====================

2010-03-07 22:12:52 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-03-07 22:12:43 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-03-03 03:00:25 138056 ----a-w- c:\docume~1\robert~1\applic~1\PnkBstrK.sys

2010-03-03 03:00:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-02-28 16:07:16 67820 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-22 05:18:39 592488 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-10 17:41:46 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 19:30:43 32653 ----a-w- c:\windows\scunin.dat

2009-12-31 19:30:42 70656 ----a-w- c:\windows\ScUnin.exe

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe

2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe

2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll

2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll

============= FINISH: 18:30:20.02 ===============

Attach report:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/26/2008 8:44:24 PM

System Uptime: 3/7/2010 6:12:28 PM (0 hours ago)

Motherboard: Dell Inc. | | 0U723D

Processor: Intel® Core2 Extreme CPU Q6850 @ 3.00GHz | Microprocessor | 2999/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 461 GiB total, 255.24 GiB free.

D: is CDROM ()

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}

Description: USB Mass Storage Device

Device ID: USB\VID_1058&PID_1100\57442D574341554830303332383934

Manufacturer: Compatible USB storage device

Name: USB Mass Storage Device

PNP Device ID: USB\VID_1058&PID_1100\57442D574341554830303332383934

Service: USBSTOR

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Unimodem Half-Duplex Audio Device

Device ID: MODEMWAVE\0\{B278FDAB-747F-45D3-B80D-4EFD16B5EED3}

Manufacturer: Microsoft

Name: Unimodem Half-Duplex Audio Device

PNP Device ID: MODEMWAVE\0\{B278FDAB-747F-45D3-B80D-4EFD16B5EED3}

Service: MODEMCSA

==== System Restore Points ===================

RP178: 12/4/2009 7:38:07 PM - Installed DirectX

RP179: 12/5/2009 11:40:17 PM - System Checkpoint

RP180: 12/12/2009 10:58:19 AM - Software Distribution Service 3.0

RP181: 12/13/2009 12:13:17 PM - System Checkpoint

RP182: 12/13/2009 10:27:45 PM - Removed Battlefield 2142 Deluxe Edition

RP183: 12/13/2009 10:28:38 PM - Removed Battlefield 2: Deluxe Edition

RP184: 12/13/2009 10:30:18 PM - Removed Call of Duty® - World at War

RP185: 12/18/2009 2:57:53 PM - System Checkpoint

RP186: 12/23/2009 7:20:23 PM - System Checkpoint

RP187: 12/25/2009 12:00:41 AM - System Checkpoint

RP188: 12/30/2009 2:42:54 PM - System Checkpoint

RP189: 1/3/2010 1:36:59 PM - System Checkpoint

RP190: 1/3/2010 5:55:26 PM - Installed DirectX

RP191: 1/3/2010 5:57:55 PM - Installed DirectX

RP192: 1/10/2010 1:00:18 PM - System Checkpoint

RP193: 1/10/2010 2:22:01 PM - Removed Command & Conquer

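The DDS log above is long, and the SERVICES / DRIVERS block plus the two AV: header lines are where a helper usually looks first: entries DDS marks with "--> path [?]" (file not found on disk), images living under a user profile or a temp directory, machine-generated-looking service names, and an AV product whose on-access scanning is off. The script below is an added example for this thread, not part of the original post, the Malwarebytes staff reply, or the DDS tool itself. It parses a constructed sample modelled on a few lines of the log above (the account name is replaced and most entries dropped) and prints each entry with the reasons it deserves a look. The flags are heuristics for triage, not a verdict on any entry; the thread itself does not say what the flagged entries are.

```python
"""Triage helper for a DDS log: parse the SERVICES / DRIVERS section and the
AV: header lines and flag entries a malware-removal helper would look at first.
Added example; not part of the original thread or of the DDS tool."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the DDS log in the thread (account name
# replaced, other entries dropped).
DDS_SAMPLE = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1368 [VPS 100307-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 114768]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-26 12672]
S1 atmunii;atmunii;c:\windows\system32\drivers\atmunii.sys --> c:\windows\system32\drivers\atmunii.sys [?]
S2 984251A3633B44F4;984251A3633B44F4;\??\c:\documents and settings\user\984251a3633b44f4\984251a3633b44f4 --> c:\documents and settings\user\984251a3633b44f4\984251A3633B44F4 [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\user~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
=============== Created Last 30 ================
"""

# "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]" or
# "... --> <path> [?]" when DDS could not find the file on disk.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
AV_DISABLED_RE = re.compile(r"^AV:\s+(?P<name>.+?)\s+\*On-access scanning disabled\*", re.M)


@dataclass
class ServiceEntry:
    state: str        # 'R' running / 'S' stopped, as DDS prints it
    start_type: int   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    missing: bool     # True when DDS appended "--> <path> [?]"
    flags: list = field(default_factory=list)


def _services_section(text):
    """Yield the lines between the SERVICES / DRIVERS banner and the next banner."""
    inside = False
    for line in text.splitlines():
        if "SERVICES / DRIVERS" in line:
            inside = True
            continue
        if inside and line.startswith("====="):
            return
        if inside and line.strip():
            yield line.strip()


def _path_of(rest):
    """Strip the trailing '[date size]' or '--> path [?]' decoration, keep the image path."""
    rest = rest.strip()
    if rest.endswith("[?]"):
        body = rest[:-3].strip()
        if "-->" in body:
            body = body.split("-->", 1)[1].strip()
        return body, True
    m = re.match(r"^(.*?)\s+\[[^\]]*\]$", rest)
    return (m.group(1) if m else rest), False


def parse_services(text):
    entries = []
    for line in _services_section(text):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        path, missing = _path_of(m.group("rest"))
        entries.append(ServiceEntry(m.group("start")[0], int(m.group("start")[1]),
                                    m.group("name"), m.group("display"), path, missing))
    return entries


def flag_entry(e):
    """Heuristics only: each flag is a reason to look, not a verdict."""
    p = e.path.lower()
    if e.missing:
        e.flags.append("file-missing")          # leftover registration or a loader that removed itself
    if "documents and settings" in p or "\\docume~1\\" in p or "\\users\\" in p:
        e.flags.append("user-profile-path")     # services and drivers rarely live under a profile
    if "\\temp\\" in p:
        e.flags.append("temp-path")
    if re.fullmatch(r"[0-9a-f]{12,}", e.name.lower()):
        e.flags.append("hex-name")              # machine-generated service name
    return e


def suspicious_services(text):
    return [e for e in map(flag_entry, parse_services(text)) if e.flags]


def disabled_av_products(text):
    return [m.group("name") for m in AV_DISABLED_RE.finditer(text)]


if __name__ == "__main__":
    for name in disabled_av_products(DDS_SAMPLE):
        print(f"AV with on-access scanning disabled: {name}")
    for e in suspicious_services(DDS_SAMPLE):
        print(f"{e.state}{e.start_type} {e.name}: {e.path}  <- {', '.join(e.flags)}")
```

Run against the full DDS output instead of the sample, the same functions report every entry in the section; the R/S letter and start-type digit are carried through so a reader can tell an auto-start (2) entry whose file is missing from a manual (3) one that a tool such as CPU-Z registers only while it runs.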

Log files below; once again, thank you for the support.

I know a little about HijackThis and noticed that I saw registry entries for IEgrabpro. I thought I removed this a long time ago. Could you help me remove this?

Lastly, I can't believe I forgot about this, but is there any way we can get rid of this stupid alert?

http://img651.imageshack.us/img651/8255/xpackgenalert.jpg

I recall a while back that this was caused by Call of Duty: Modern Warfare 2 and just ignored it. Can I please get this removed?

THANKS!!!!

COMBOFIX

ComboFix 10-03-12.02 - Robert Baron 03/12/2010 18:21:09.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1469 [GMT -5:00]

Running from: c:\documents and settings\Robert Baron\Desktop\DL's\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 100312-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\Robert Baron\Application Data\.#

c:\documents and settings\Robert Baron\Application Data\.#\MBX@11A0@13337D8.###

c:\documents and settings\Robert Baron\Application Data\.#\MBX@11A0@13337E8.###

c:\windows\jestertb.dll

----- BITS: Possible infected sites -----

hxxp://au.dowj+|Cv+@J:NGD_DQ{zcxLJS@r

.

((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))

.

2010-03-12 03:36 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 03:58 . 2010-03-09 03:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\SupportSoft

2010-03-07 23:46 . 2010-03-07 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-03-07 15:57 . 2010-03-07 15:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-03-06 00:58 . 2010-03-06 01:07 -------- d-----w- C:\Fraps

2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Razer

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\program files\Razer

2010-03-03 03:06 . 2010-03-05 03:24 38784 ----a-w- c:\documents and settings\Robert Baron\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-03 03:06 . 2010-03-05 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-03-03 03:00 . 2010-03-03 03:00 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\scripting

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\en

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\bits

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\l2schemas

2010-02-26 16:49 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2010-02-26 16:49 . 2010-02-26 16:49 -------- d-----w- c:\program files\CPUID

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\windows\Performance

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\Microsoft Corporation

2010-02-26 16:38 . 2010-02-26 16:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2010-02-22 04:35 . 2010-02-22 04:35 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-02-22 04:35 . 2010-02-22 04:35 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-02-22 04:35 . 2010-02-22 04:35 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-02-22 04:35 . 2010-02-22 04:35 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-02-22 04:35 . 2010-02-22 04:35 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-02-22 04:34 . 2010-02-22 04:34 81920 ----a-w- c:\windows\system32\nvwddi.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-12 22:53 . 2008-06-20 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-08 03:39 . 2008-06-27 03:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-03-08 00:15 . 2008-06-27 03:42 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-03-07 23:25 . 2008-06-27 01:20 -------- d-----w- c:\program files\Steam

2010-03-07 15:57 . 2008-06-20 16:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-04 04:08 . 2009-09-04 16:36 -------- d-----w- c:\program files\NVIDIA Corporation

2010-03-04 04:07 . 2008-06-27 04:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-03-03 03:07 . 2009-02-20 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-03-03 02:41 . 2008-06-29 15:38 -------- d-----w- c:\program files\Electronic Arts

2010-02-28 21:27 . 2009-04-17 02:14 -------- d-----w- c:\program files\Diablo II

2010-02-28 16:07 . 2009-12-20 03:12 67820 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-27 16:31 . 2008-06-20 16:37 85848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-27 03:14 . 2008-06-28 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads

2010-02-27 01:35 . 2005-08-16 09:41 88795 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-22 05:18 . 2008-06-20 16:00 592488 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-20 02:34 . 2010-01-24 19:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-14 21:25 . 2010-02-06 21:24 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Bioshock2

2010-02-13 08:37 . 2010-01-24 19:49 117760 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-13 08:35 . 2008-12-20 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-10 17:41 . 2008-06-20 16:17 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-02-06 21:20 . 2010-02-06 21:20 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM

2010-02-06 21:18 . 2010-02-06 21:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-02-06 21:07 . 2010-02-06 21:07 -------- d-----w- c:\program files\2K Games

2010-01-29 02:05 . 2009-05-10 21:51 25 ----a-w- c:\windows\popcinfot.dat

2010-01-26 02:14 . 2009-12-30 00:41 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Skype

2010-01-26 02:08 . 2009-12-30 00:44 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\skypePM

2010-01-24 19:49 . 2010-01-24 19:49 52224 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com

2010-01-24 19:48 . 2008-12-21 05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-24 19:47 . 2009-01-11 05:43 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-12 04:03 . 2009-11-28 08:26 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-01-12 04:03 . 2009-11-28 08:26 11632640 ----a-w- c:\windows\system32\nvcompiler.dll

2010-01-12 04:03 . 2009-06-10 10:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-01-12 04:03 . 2009-06-10 10:03 2283526 ----a-w- c:\windows\system32\nvdata.bin

2010-01-12 04:03 . 2009-03-27 14:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2010-01-12 04:03 . 2008-06-20 15:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcodins.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcod.dll

2010-01-12 04:03 . 2008-06-20 15:57 1081344 ----a-w- c:\windows\system32\nvapi.dll

2010-01-12 04:03 . 2008-05-16 18:01 4104192 ----a-w- c:\windows\system32\nvcuda.dll

2010-01-12 04:03 . 2005-08-16 09:35 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-01-12 04:03 . 2005-08-16 09:35 6359168 ----a-w- c:\windows\system32\nv4_disp.dll

2010-01-09 16:28 . 2009-07-03 03:18 10134 ----a-r- c:\documents and settings\Robert Baron\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe

2010-01-07 21:07 . 2008-12-21 05:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 21:07 . 2008-12-21 05:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2009-04-11 19:20 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 19:30 . 2009-12-31 19:27 32653 ----a-w- c:\windows\scunin.dat

2009-12-31 19:30 . 2009-12-31 19:27 967 ----a-w- c:\windows\ScUnin.pif

2009-12-31 19:30 . 2009-12-31 19:27 70656 ----a-w- c:\windows\ScUnin.exe

2009-12-31 16:50 . 2005-08-16 09:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 00:44 . 2009-12-30 00:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2008-07-20 03:43 . 2008-07-20 02:42 72 --sh--w- c:\windows\SCABF45AC.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

c:\documents and settings\Robert Baron\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-06-20 16:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk

backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-12-12 14:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-03-02 02:00 18944 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2007-04-04 22:48 1236992 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-09-28 18:30 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSSQL$MSSMLBIZ"=3 (0x3)

"SQLWriter"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"RemoteRegistry"=2 (0x2)

"mnmsrvc"=3 (0x3)

"GoToAssist"=3 (0x3)

"Fax"=2 (0x2)

"Bonjour Service"=2 (0x2)

"BcmSqlStartupSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\team fortress 2\\hl2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\zombie panic! source\\hl2.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\IEPro\\MiniDM.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\age of chivalry\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life deathmatch source\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\day of defeat source\\hl2.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\zombie driver\\Release\\ZombieDriver.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base 2007\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7777:TCP"= 7777:TCP:*:Disabled:border1

"7777:UDP"= 7777:UDP:*:Disabled:border1b

"28900:TCP"= 28900:TCP:*:Disabled:border2

"27900:UDP"= 27900:UDP:*:Disabled:border3

"28910:TCP"= 28910:TCP:*:Disabled:border4

"6500:UDP"= 6500:UDP:*:Disabled:border5

"9989:UDP"= 9989:UDP:*:Disabled:border6

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/20/2008 8:43 PM 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 66632]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/19/2009 12:59 AM 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2008 8:43 PM 20560]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [6/27/2008 7:54 AM 12032]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 5:37 PM 19720]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/19/2008 9:13 PM 717296]

S1 atmunii;atmunii;c:\windows\system32\drivers\atmunii.sys --> c:\windows\system32\drivers\atmunii.sys [?]

S2 984251A3633B44F4;984251A3633B44F4;\??\c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 --> c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [7/19/2008 9:23 PM 16512]

S3 cpuz130;cpuz130;\??\c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [1/2/2010 1:29 AM 14856]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/14/2008 10:17 PM 36928]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

FF - ProfilePath - c:\documents and settings\Robert Baron\Application Data\Mozilla\Firefox\Profiles\5tmcmz2o.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-nwiz - nwiz.exe

AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-12 18:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\ROBERT~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\984251A3633B44F4]

"ImagePath"="\??\c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,82,13,44,29,db,de,76,ad,11,b6,41,9a,82,13,63,c7,b3,48,f4,b6,95,68,

6c,74,7e,59,8b,0b,fb,95,f7,63,49,8d,0d,db,72,f2,00,93,0f,72,2e,e9,1c,3d,9b,\

"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\License information*]

"datasecu"=hex:9a,d7,20,e0,86,ce,ad,42,ed,81,d9,f4,67,b6,12,61,fb,d5,8a,e5,0c,

b2,aa,8e,53,ca,c6,c8,27,d2,cf,64,d6,68,de,30,53,f5,a2,ee,db,4d,4d,ff,7f,6d,\

"rkeysecu"=hex:dd,cf,85,6e,87,f5,ec,f1,16,38,96,de,cb,e4,6b,0f

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

.

Completion time: 2010-03-12 18:30:08

ComboFix-quarantined-files.txt 2010-03-12 23:30

Pre-Run: 279,680,913,408 bytes free

Post-Run: 279,655,391,232 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 35C66A216860A296C16E08323904A692

HJTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:35:09 PM, on 3/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080620

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wapp.verizon.net/bookmarks/bmredir....&bm=ms_home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 8163 bytes

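Editor's note, added to the thread and not part of any post above: when reading a ComboFix log like the one just posted, the driver/service list (the lines beginning R0, R1, S2, S3 and so on) is the quickest place to start, and the entries that deserve a second look are those whose image file is reported missing ("[?]"), whose path sits under a user profile or a Temp directory, or whose service name is a random-looking hex string with no real display name. The script below is an added example that parses lines in that format and ranks them; it is not a ComboFix or Malwarebytes tool. The sample lines are copied from the log above. Reading the first letter as R = running / S = stopped and the digit as the Windows service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) is my assumption about ComboFix's convention, and a flag from this script is a prompt to investigate, not a verdict that the entry is malicious.

```python
import re
from dataclasses import dataclass, field

# Constructed test set: these lines are copied from the ComboFix log posted
# above, not produced by a live scan.
SAMPLE_LINES = [
    r"R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/20/2008 8:43 PM 114768]",
    r"S1 atmunii;atmunii;c:\windows\system32\drivers\atmunii.sys --> c:\windows\system32\drivers\atmunii.sys [?]",
    r"S2 984251A3633B44F4;984251A3633B44F4;\??\c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 --> c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 [?]",
    r"S3 cpuz130;cpuz130;\??\c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]",
    r"S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]",
]

# Assumed ComboFix layout: <R|S><start type> <name>;<display name>;<image path> [date time size]
# A missing file is rendered as "<path> --> <path> [?]".
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{12,}$")
USER_PATH_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\", "\\users\\")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    image_path: str
    running: bool
    start_type: int
    file_present: bool
    findings: list = field(default_factory=list)


def parse_line(line):
    """Parse one driver/service line; return None for lines in any other format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    file_present = not rest.endswith("[?]")
    if " --> " in rest:
        path = rest.split(" --> ", 1)[0]      # missing file: take the path before the arrow
    else:
        path = rest.rsplit(" [", 1)[0]        # present file: strip the trailing "[date size]"
    return ServiceEntry(name=m.group("name"), display=m.group("display"), image_path=path,
                        running=m.group("state") == "R", start_type=int(m.group("start")),
                        file_present=file_present)


def assess(entry):
    """Attach heuristic findings to an entry; an empty list means nothing stood out."""
    lowered = entry.image_path.lower()
    findings = []
    if not entry.file_present:
        findings.append("image file missing on disk")
    if any(marker in lowered for marker in USER_PATH_MARKERS):
        findings.append("image path inside a user profile or Temp directory")
    if HEX_NAME_RE.match(entry.name) and entry.name == entry.display:
        findings.append("random-looking hex service name with no display name")
    # Only escalate on start type when something else already looks off; an
    # auto-start service in System32 with its file present is normal.
    if findings and entry.start_type <= 2:
        findings.append("starts automatically (%s)" % START_TYPES[entry.start_type])
    entry.findings = findings
    return entry


def triage(lines):
    """Return only the entries with findings, the ones with the most findings first."""
    entries = [assess(e) for e in (parse_line(l) for l in lines) if e is not None]
    flagged = [e for e in entries if e.findings]
    flagged.sort(key=lambda e: len(e.findings), reverse=True)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(e.name, "->", "; ".join(e.findings))
```

Run against the sample lines it puts the 984251A3633B44F4 service at the top (missing image, path in the user's profile, hex-only name, auto start), with atmunii and cpuz130 after it; the avast! and SUPERAntiSpyware drivers produce no findings. That ordering matches what a helper would check by hand first, and the same hex-named key shows up again in the ControlSet003 section of the log, which is the kind of cross-reference worth confirming before asking the poster to remove anything.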

  • Staff

Hi,

I fixed the image link in your post.

The image you posted shows that your antivirus programs are conflicting with one another.

I notice that you are using more than one antivirus program (Avira and avast). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

After that, navigate to Start -> Control Panel -> Add or Remove Programs, and uninstall the following programs (if present):

IEgrabpro

IE7Pro

Restart your computer.

Get the latest version of Java and Adobe Reader.

Next, run ComboFix again and post its log.

-screen317


IE7Pro removed, Java updated, Avira removed. I use Foxit Reader since Adobe gives me nothing but problems. Is that okay?

COMBOFIX

ComboFix 10-03-12.02 - Robert Baron 03/12/2010 22:07:14.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1521 [GMT -5:00]

Running from: c:\documents and settings\Robert Baron\Desktop\DL's\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100313-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))

.

2010-03-13 03:02 . 2010-03-13 03:02 503808 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\msvcp71.dll

2010-03-13 03:02 . 2010-03-13 03:02 499712 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\jmc.dll

2010-03-13 03:02 . 2010-03-13 03:02 348160 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\msvcr71.dll

2010-03-13 03:02 . 2010-03-13 03:02 61440 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e15b7a0-n\decora-sse.dll

2010-03-13 03:02 . 2010-03-13 03:02 12800 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e15b7a0-n\decora-d3d.dll

2010-03-12 03:36 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 03:58 . 2010-03-09 03:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\SupportSoft

2010-03-07 23:46 . 2010-03-07 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-03-07 15:57 . 2010-03-07 15:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-03-06 00:58 . 2010-03-06 01:07 -------- d-----w- C:\Fraps

2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Razer

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\program files\Razer

2010-03-03 03:06 . 2010-03-05 03:24 38784 ----a-w- c:\documents and settings\Robert Baron\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-03 03:06 . 2010-03-05 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-03-03 03:00 . 2010-03-03 03:00 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\scripting

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\en

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\bits

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\l2schemas

2010-02-26 16:49 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2010-02-26 16:49 . 2010-02-26 16:49 -------- d-----w- c:\program files\CPUID

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\windows\Performance

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\Microsoft Corporation

2010-02-26 16:38 . 2010-02-26 16:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2010-02-22 04:35 . 2010-02-22 04:35 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-02-22 04:35 . 2010-02-22 04:35 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-02-22 04:35 . 2010-02-22 04:35 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-02-22 04:35 . 2010-02-22 04:35 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-02-22 04:35 . 2010-02-22 04:35 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-02-22 04:34 . 2010-02-22 04:34 81920 ----a-w- c:\windows\system32\nvwddi.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 03:02 . 2008-06-20 16:15 -------- d-----w- c:\program files\Java

2010-03-12 23:45 . 2008-06-27 03:42 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-03-12 23:45 . 2008-06-27 03:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-03-12 22:53 . 2008-06-20 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-07 23:25 . 2008-06-27 01:20 -------- d-----w- c:\program files\Steam

2010-03-07 15:57 . 2008-06-20 16:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-04 04:08 . 2009-09-04 16:36 -------- d-----w- c:\program files\NVIDIA Corporation

2010-03-04 04:07 . 2008-06-27 04:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-03-03 03:07 . 2009-02-20 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-03-03 02:41 . 2008-06-29 15:38 -------- d-----w- c:\program files\Electronic Arts

2010-02-28 21:27 . 2009-04-17 02:14 -------- d-----w- c:\program files\Diablo II

2010-02-28 16:07 . 2009-12-20 03:12 67820 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-27 16:31 . 2008-06-20 16:37 85848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-27 03:14 . 2008-06-28 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads

2010-02-27 01:35 . 2005-08-16 09:41 88795 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-22 05:18 . 2008-06-20 16:00 592488 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-20 02:34 . 2010-01-24 19:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-14 21:25 . 2010-02-06 21:24 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Bioshock2

2010-02-13 08:37 . 2010-01-24 19:49 117760 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-13 08:35 . 2008-12-20 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-10 17:41 . 2008-06-20 16:17 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-02-06 21:20 . 2010-02-06 21:20 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM

2010-02-06 21:18 . 2010-02-06 21:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-02-06 21:07 . 2010-02-06 21:07 -------- d-----w- c:\program files\2K Games

2010-01-29 02:05 . 2009-05-10 21:51 25 ----a-w- c:\windows\popcinfot.dat

2010-01-26 02:14 . 2009-12-30 00:41 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Skype

2010-01-26 02:08 . 2009-12-30 00:44 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\skypePM

2010-01-24 19:49 . 2010-01-24 19:49 52224 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com

2010-01-24 19:48 . 2008-12-21 05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-24 19:47 . 2009-01-11 05:43 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-12 04:03 . 2009-11-28 08:26 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-01-12 04:03 . 2009-11-28 08:26 11632640 ----a-w- c:\windows\system32\nvcompiler.dll

2010-01-12 04:03 . 2009-06-10 10:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-01-12 04:03 . 2009-06-10 10:03 2283526 ----a-w- c:\windows\system32\nvdata.bin

2010-01-12 04:03 . 2009-03-27 14:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2010-01-12 04:03 . 2008-06-20 15:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcodins.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcod.dll

2010-01-12 04:03 . 2008-06-20 15:57 1081344 ----a-w- c:\windows\system32\nvapi.dll

2010-01-12 04:03 . 2008-05-16 18:01 4104192 ----a-w- c:\windows\system32\nvcuda.dll

2010-01-12 04:03 . 2005-08-16 09:35 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-01-12 04:03 . 2005-08-16 09:35 6359168 ----a-w- c:\windows\system32\nv4_disp.dll

2010-01-09 16:28 . 2009-07-03 03:18 10134 ----a-r- c:\documents and settings\Robert Baron\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe

2010-01-07 21:07 . 2008-12-21 05:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 21:07 . 2008-12-21 05:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2005-08-16 09:18 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2009-04-11 19:20 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 19:30 . 2009-12-31 19:27 32653 ----a-w- c:\windows\scunin.dat

2009-12-31 19:30 . 2009-12-31 19:27 967 ----a-w- c:\windows\ScUnin.pif

2009-12-31 19:30 . 2009-12-31 19:27 70656 ----a-w- c:\windows\ScUnin.exe

2009-12-31 16:50 . 2005-08-16 09:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 00:44 . 2009-12-30 00:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-17 22:14 . 2008-12-24 23:56 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2008-07-20 03:43 . 2008-07-20 02:42 72 --sh--w- c:\windows\SCABF45AC.tmp

.

((((((((((((((((((((((((((((( SnapShot@2010-03-12_23.28.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-13 03:05 . 2010-03-13 03:05 16384 c:\windows\Temp\Perflib_Perfdata_748.dat

+ 2010-03-13 03:05 . 2010-03-13 03:05 16384 c:\windows\Temp\Perflib_Perfdata_5c4.dat

- 2005-08-16 09:18 . 2010-03-12 23:23 90098 c:\windows\system32\perfc009.dat

+ 2005-08-16 09:18 . 2010-03-13 03:10 90098 c:\windows\system32\perfc009.dat

+ 2005-08-16 09:18 . 2010-03-13 03:10 492078 c:\windows\system32\perfh009.dat

- 2005-08-16 09:18 . 2010-03-12 23:23 492078 c:\windows\system32\perfh009.dat

+ 2009-10-17 05:47 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe

+ 2009-10-17 05:47 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe

- 2009-10-17 05:47 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe

+ 2009-10-17 05:47 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe

- 2009-10-17 05:47 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe

+ 2010-03-13 03:02 . 2010-03-13 03:02 180224 c:\windows\Installer\4851a.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Robert Baron\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-06-20 16:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk

backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-12-12 14:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-03-02 02:00 18944 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2007-04-04 22:48 1236992 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-09-28 18:30 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSSQL$MSSMLBIZ"=3 (0x3)

"SQLWriter"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"RemoteRegistry"=2 (0x2)

"mnmsrvc"=3 (0x3)

"GoToAssist"=3 (0x3)

"Fax"=2 (0x2)

"Bonjour Service"=2 (0x2)

"BcmSqlStartupSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\team fortress 2\\hl2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\zombie panic! source\\hl2.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\age of chivalry\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life deathmatch source\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\day of defeat source\\hl2.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\zombie driver\\Release\\ZombieDriver.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base 2007\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7777:TCP"= 7777:TCP:*:Disabled:border1

"7777:UDP"= 7777:UDP:*:Disabled:border1b

"28900:TCP"= 28900:TCP:*:Disabled:border2

"27900:UDP"= 27900:UDP:*:Disabled:border3

"28910:TCP"= 28910:TCP:*:Disabled:border4

"6500:UDP"= 6500:UDP:*:Disabled:border5

"9989:UDP"= 9989:UDP:*:Disabled:border6

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/20/2008 8:43 PM 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 66632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2008 8:43 PM 20560]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [6/27/2008 7:54 AM 12032]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 5:37 PM 19720]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/19/2008 9:13 PM 717296]

S1 atmunii;atmunii;c:\windows\system32\drivers\atmunii.sys --> c:\windows\system32\drivers\atmunii.sys [?]

S2 984251A3633B44F4;984251A3633B44F4;\??\c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 --> c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [7/19/2008 9:23 PM 16512]

S3 cpuz130;cpuz130;\??\c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [1/2/2010 1:29 AM 14856]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/14/2008 10:17 PM 36928]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

FF - ProfilePath - c:\documents and settings\Robert Baron\Application Data\Mozilla\Firefox\Profiles\5tmcmz2o.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-12 22:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\984251A3633B44F4]

"ImagePath"="\??\c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,82,13,44,29,db,de,76,ad,11,b6,41,9a,82,13,63,c7,b3,48,f4,b6,95,68,

6c,74,7e,59,8b,0b,fb,95,f7,63,49,8d,0d,db,72,f2,00,93,0f,72,2e,e9,1c,3d,9b,\

"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\License information*]

"datasecu"=hex:14,cd,24,a6,de,5a,8b,60,3f,69,d4,85,3b,98,e8,63,65,e1,f8,9f,bc,

1a,ef,0b,7b,e7,eb,bf,dc,bb,ec,69,a9,c3,2f,40,6c,0b,82,26,f3,ed,6b,a4,01,dc,\

"rkeysecu"=hex:57,78,07,35,0b,95,43,08,41,2b,1f,de,bd,fb,24,ae

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

.

Completion time: 2010-03-12 22:16:04

ComboFix-quarantined-files.txt 2010-03-13 03:16

ComboFix2.txt 2010-03-12 23:30

Pre-Run: 279,776,882,688 bytes free

Post-Run: 279,729,528,832 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - CCF8D31987AEA4ABDDAE3CB5904BC105

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:27:59 PM, on 3/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080620

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wapp.verizon.net/bookmarks/bmredir....&bm=ms_home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 7158 bytes


  • Staff

Hi,

I use Foxit Reader since Adobe gives me nothing but problems
Yes, that is fine.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::

984251A3633B44F4

cpuz130

KILLALL::

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

-screen317

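As a reader's aid, here is an added example (my own, not part of this thread and not ComboFix's code) that parses the R/S driver lines of the ComboFix log posted earlier and shows why 984251A3633B44F4 and cpuz130, but not the orphaned atmunii entry, end up under Driver:: in the script above. The three heuristics and the two-findings threshold are assumptions of mine about what makes a driver entry worth removing rather than merely reviewing.

```python
"""Triage the R/S driver lines of a ComboFix log.

Added example for this thread; it is not part of the forum post and not
ComboFix's own code. The sample lines are copied from the log posted above.
The three heuristics are assumptions of mine about what makes a driver
entry worth a closer look, not ComboFix's logic:
  * the backing file is missing (ComboFix prints "[?]" after the path),
  * the image sits under a user profile or a Temp directory instead of
    the drivers or program files tree,
  * the service name is an opaque hex string rather than a readable name.
"""
import re
from dataclasses import dataclass

# Constructed sample: driver lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/20/2008 8:43 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/19/2008 9:13 PM 717296]
S1 atmunii;atmunii;c:\windows\system32\drivers\atmunii.sys --> c:\windows\system32\drivers\atmunii.sys [?]
S2 984251A3633B44F4;984251A3633B44F4;\??\c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 --> c:\documents and settings\Robert Baron\984251A3633B44F4\984251A3633B44F4 [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ROBERT~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
"""

# "R1 name;display name;image path [trailer]"  (R = running, S = stopped,
# digit = start type as ComboFix prints it)
DRIVER_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
TRAILER_RE = re.compile(r"\s+\[([^\]]*)\]\s*$")
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{12,}$")
# Directories a kernel driver has no business being loaded from.
SUSPICIOUS_DIRS = ("\\documents and settings\\", "\\docume~1\\", "\\users\\", "\\temp\\")


@dataclass
class DriverEntry:
    state: str          # "R" running or "S" stopped
    start: int          # start type digit (0 boot ... 4 disabled)
    name: str
    display: str
    image: str          # resolved, lower-cased image path
    file_missing: bool  # ComboFix printed "[?]" instead of date and size


def parse_driver_line(line):
    """Return a DriverEntry for a ComboFix driver line, or None for any other line."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    # A missing file is printed as "<registry path> --> <resolved path> [?]";
    # keep the resolved path, which is what would be on disk.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    t = TRAILER_RE.search(rest)
    trailer = t.group(1) if t else ""
    image = TRAILER_RE.sub("", rest)
    if image.startswith("\\??\\"):   # NT object-manager prefix, not part of the path
        image = image[4:]
    return DriverEntry(state, int(start), name, display, image.lower(), trailer == "?")


def triage_reasons(entry):
    """Apply the three heuristics; an empty list means nothing stood out."""
    reasons = []
    if entry.file_missing:
        reasons.append("backing file not found")
    if any(d in entry.image for d in SUSPICIOUS_DIRS):
        reasons.append("image path under a user profile or Temp directory")
    if HEX_NAME.match(entry.name):
        reasons.append("opaque hex service name")
    return reasons


def triage_log(text):
    """Map service name -> reasons for every driver line with at least one finding."""
    findings = {}
    for line in text.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


def removal_candidates(findings, min_reasons=2):
    """Names with enough independent findings to justify a Driver:: line.

    A lone missing file (atmunii above) is an orphan to review, not a removal."""
    return sorted(name for name, reasons in findings.items() if len(reasons) >= min_reasons)


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for name, reasons in found.items():
        print(f"{name}: {'; '.join(reasons)}")
    print("Driver:: candidates:", removal_candidates(found))
```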

thanks!

COMBOFIX

ComboFix 10-03-14.04 - Robert Baron 03/14/2010 23:13:28.4.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1522 [GMT -4:00]

Running from: c:\documents and settings\Robert Baron\Desktop\DL's\ComboFix.exe

Command switches used :: c:\documents and settings\Robert Baron\Desktop\DL's\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 100314-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_984251A3633B44F4

-------\Legacy_CPUZ130

-------\Service_984251A3633B44F4

-------\Service_cpuz130

((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))

.

2010-03-14 04:55 . 2010-03-14 04:56 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Ventrilo

2010-03-14 04:41 . 2010-03-14 04:41 -------- d-----w- c:\program files\Ventrilo

2010-03-13 15:51 . 2010-03-14 04:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-03-13 15:51 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-13 15:51 . 2010-03-13 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-13 15:51 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-12 03:36 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 03:58 . 2010-03-09 03:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\SupportSoft

2010-03-07 23:46 . 2010-03-07 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-03-07 15:57 . 2010-03-07 15:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-03-06 00:58 . 2010-03-14 23:49 -------- d-----w- C:\Fraps

2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Razer

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\program files\Razer

2010-03-03 03:06 . 2010-03-05 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-03-03 03:00 . 2010-03-03 03:00 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\scripting

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\en

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\bits

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\l2schemas

2010-02-26 16:49 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2010-02-26 16:49 . 2010-02-26 16:49 -------- d-----w- c:\program files\CPUID

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\windows\Performance

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\Microsoft Corporation

2010-02-26 16:38 . 2010-02-26 16:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2010-02-22 04:35 . 2010-02-22 04:35 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-02-22 04:35 . 2010-02-22 04:35 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-02-22 04:35 . 2010-02-22 04:35 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-02-22 04:35 . 2010-02-22 04:35 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-02-22 04:35 . 2010-02-22 04:35 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-02-22 04:34 . 2010-02-22 04:34 81920 ----a-w- c:\windows\system32\nvwddi.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-15 03:04 . 2008-06-27 03:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-03-15 02:10 . 2008-06-27 03:42 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-03-13 21:26 . 2010-03-13 15:52 117760 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-13 15:52 . 2010-03-13 15:52 52224 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-03-13 15:52 . 2010-01-24 19:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-13 15:51 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com

2010-03-13 15:51 . 2008-12-21 06:17 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Malwarebytes

2010-03-13 15:51 . 2008-12-21 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-13 03:02 . 2010-03-13 03:02 503808 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\msvcp71.dll

2010-03-13 03:02 . 2010-03-13 03:02 499712 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\jmc.dll

2010-03-13 03:02 . 2010-03-13 03:02 348160 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\msvcr71.dll

2010-03-13 03:02 . 2010-03-13 03:02 61440 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e15b7a0-n\decora-sse.dll

2010-03-13 03:02 . 2010-03-13 03:02 12800 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e15b7a0-n\decora-d3d.dll

2010-03-13 03:02 . 2008-06-20 16:15 -------- d-----w- c:\program files\Java

2010-03-12 22:53 . 2008-06-20 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-07 23:25 . 2008-06-27 01:20 -------- d-----w- c:\program files\Steam

2010-03-07 15:57 . 2008-06-20 16:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-05 03:24 . 2010-03-03 03:06 38784 ----a-w- c:\documents and settings\Robert Baron\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-04 04:08 . 2009-09-04 16:36 -------- d-----w- c:\program files\NVIDIA Corporation

2010-03-03 03:07 . 2009-02-20 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-03-03 02:41 . 2008-06-29 15:38 -------- d-----w- c:\program files\Electronic Arts

2010-02-28 21:27 . 2009-04-17 02:14 -------- d-----w- c:\program files\Diablo II

2010-02-28 16:07 . 2009-12-20 03:12 67820 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-27 16:31 . 2008-06-20 16:37 85848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-27 03:14 . 2008-06-28 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads

2010-02-27 01:35 . 2005-08-16 09:41 88795 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-22 05:18 . 2008-06-20 16:00 592488 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-14 21:25 . 2010-02-06 21:24 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Bioshock2

2010-02-13 08:35 . 2008-12-20 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-10 17:41 . 2008-06-20 16:17 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-02-06 21:20 . 2010-02-06 21:20 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM

2010-02-06 21:18 . 2010-02-06 21:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-02-06 21:07 . 2010-02-06 21:07 -------- d-----w- c:\program files\2K Games

2010-01-29 02:05 . 2009-05-10 21:51 25 ----a-w- c:\windows\popcinfot.dat

2010-01-26 02:14 . 2009-12-30 00:41 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Skype

2010-01-26 02:08 . 2009-12-30 00:44 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\skypePM

2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-01-12 04:03 . 2009-11-28 08:26 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-01-12 04:03 . 2009-11-28 08:26 11632640 ----a-w- c:\windows\system32\nvcompiler.dll

2010-01-12 04:03 . 2009-06-10 10:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-01-12 04:03 . 2009-06-10 10:03 2283526 ----a-w- c:\windows\system32\nvdata.bin

2010-01-12 04:03 . 2009-03-27 14:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2010-01-12 04:03 . 2008-06-20 15:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcodins.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcod.dll

2010-01-12 04:03 . 2008-06-20 15:57 1081344 ----a-w- c:\windows\system32\nvapi.dll

2010-01-12 04:03 . 2008-05-16 18:01 4104192 ----a-w- c:\windows\system32\nvcuda.dll

2010-01-12 04:03 . 2005-08-16 09:35 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-01-12 04:03 . 2005-08-16 09:35 6359168 ----a-w- c:\windows\system32\nv4_disp.dll

2010-01-09 16:28 . 2009-07-03 03:18 10134 ----a-r- c:\documents and settings\Robert Baron\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe

2010-01-05 10:00 . 2005-08-16 09:18 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2009-04-11 19:20 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 19:30 . 2009-12-31 19:27 32653 ----a-w- c:\windows\scunin.dat

2009-12-31 19:30 . 2009-12-31 19:27 967 ----a-w- c:\windows\ScUnin.pif

2009-12-31 19:30 . 2009-12-31 19:27 70656 ----a-w- c:\windows\ScUnin.exe

2009-12-31 16:50 . 2005-08-16 09:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 00:44 . 2009-12-30 00:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-17 22:14 . 2008-12-24 23:56 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2008-07-20 03:43 . 2008-07-20 02:42 72 --sh--w- c:\windows\SCABF45AC.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Robert Baron\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-06-20 16:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk

backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-12-12 14:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-03-02 02:00 18944 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2007-04-04 22:48 1236992 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-09-28 18:30 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSSQL$MSSMLBIZ"=3 (0x3)

"SQLWriter"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"RemoteRegistry"=2 (0x2)

"mnmsrvc"=3 (0x3)

"GoToAssist"=3 (0x3)

"Fax"=2 (0x2)

"Bonjour Service"=2 (0x2)

"BcmSqlStartupSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\team fortress 2\\hl2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\zombie panic! source\\hl2.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\age of chivalry\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life deathmatch source\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\day of defeat source\\hl2.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\zombie driver\\Release\\ZombieDriver.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base 2007\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7777:TCP"= 7777:TCP:*:Disabled:border1

"7777:UDP"= 7777:UDP:*:Disabled:border1b

"28900:TCP"= 28900:TCP:*:Disabled:border2

"27900:UDP"= 27900:UDP:*:Disabled:border3

"28910:TCP"= 28910:TCP:*:Disabled:border4

"6500:UDP"= 6500:UDP:*:Disabled:border5

"9989:UDP"= 9989:UDP:*:Disabled:border6

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/19/2008 10:13 PM 717296]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/20/2008 9:43 PM 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2008 9:43 PM 20560]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [6/27/2008 8:54 AM 12032]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 6:37 PM 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [1/2/2010 2:29 AM 14856]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

S1 atmunii;atmunii;c:\windows\system32\drivers\atmunii.sys --> c:\windows\system32\drivers\atmunii.sys [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [7/19/2008 10:23 PM 16512]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/14/2008 11:17 PM 36928]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

FF - ProfilePath - c:\documents and settings\Robert Baron\Application Data\Mozilla\Firefox\Profiles\5tmcmz2o.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-14 23:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys nvatabus.sys spas.sys hal.dll >>UNKNOWN [0x8AD76938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xb80ccf28

\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8

\Driver\atapi -> atapi.sys @ 0xb7de6b40

IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cbebb0

PacketIndicateHandler -> NDIS.sys @ 0xb7cada0d

SendHandler -> NDIS.sys @ 0xb7cc1b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,82,13,44,29,db,de,76,ad,11,b6,41,9a,82,13,63,c7,b3,48,f4,b6,95,68,

6c,74,7e,59,8b,0b,fb,95,f7,63,49,8d,0d,db,72,f2,00,93,0f,72,2e,e9,1c,3d,9b,\

"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\License information*]

"datasecu"=hex:9f,18,aa,23,29,f8,db,fd,22,d0,17,f4,f0,6b,ef,b4,59,0d,7e,75,a2,

1b,0f,c5,48,0b,45,3d,cb,1e,4c,05,dc,9d,f2,2d,1c,fa,0e,35,a0,f0,72,5a,8e,9c,\

"rkeysecu"=hex:bf,81,3b,7d,16,1f,b8,3e,66,b1,b5,69,be,60,ca,07

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(468)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\SYSTEM32\CTXFISPI.EXE

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe

c:\program files\Razer\Lachesis\OSD.exe

c:\program files\Razer\Lachesis\razertra.exe

c:\program files\Razer\Lachesis\razerofa.exe

.

**************************************************************************

.

Completion time: 2010-03-14 23:28:42 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-15 03:28

ComboFix2.txt 2010-03-13 03:16

ComboFix3.txt 2010-03-12 23:30

Pre-Run: 280,274,882,560 bytes free

Post-Run: 280,179,728,384 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - EAC888BE74B6EA5F8BEEA8398FBCB96C

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:30:26 PM, on 3/14/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Razer\Lachesis\razerhid.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Razer\Lachesis\OSD.exe

C:\Program Files\Razer\Lachesis\razertra.exe

C:\Program Files\Razer\Lachesis\razerofa.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080620

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wapp.verizon.net/bookmarks/bmredir....&bm=ms_home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 7912 bytes


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt,

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Hi,

I will try to do this first thing tonight. For some reason my topic notification got sent to my spam folder so I did not notice it last night :P.

Quick question if you don't mind me asking, do you believe there is an actual infection on my computer? I have used combofix in the past to clean my PC from a vundo infection through the helpful hands here at the Malwarebytes forums. What is TDSSKiller? Is it like combofix (i.e. a root end/kernel cleaner)? What do you think is wrong?

Thanks for the help, I will post the log tonight, if not tomorrow night.

MANY THANKS!


  • Staff

Hi,

There may be an infection; that is why you are running TDSSKiller. TDSSKiller is a program made by Kaspersky which targets a specific infection. There is a chance that you have it, based on information in your ComboFix, so we are running TDSSKiller as a precaution.

Let me know if that answered your question.

-screen317


Thank you for the explanation. I will be running TDSSkiller tonight and post all the necessary logs when that occurs.


19:31:03:593 3788 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20

19:31:03:593 3788 ================================================================================

19:31:03:593 3788 SystemInfo:

19:31:03:593 3788 OS Version: 5.1.2600 ServicePack: 3.0

19:31:03:593 3788 Product type: Workstation

19:31:03:593 3788 ComputerName: ROBERTNEWCOMP

19:31:03:593 3788 UserName: Robert Baron

19:31:03:593 3788 Windows directory: C:\WINDOWS

19:31:03:593 3788 Processor architecture: Intel x86

19:31:03:593 3788 Number of processors: 4

19:31:03:593 3788 Page size: 0x1000

19:31:03:593 3788 Boot type: Normal boot

19:31:03:593 3788 ================================================================================

19:31:03:609 3788 UnloadDriverW: NtUnloadDriver error 2

19:31:03:609 3788 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

19:31:03:656 3788 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

19:31:03:656 3788 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:31:03:656 3788 wfopen_ex: Trying to KLMD file open

19:31:03:656 3788 wfopen_ex: File opened ok (Flags 2)

19:31:03:656 3788 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

19:31:03:656 3788 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:31:03:656 3788 wfopen_ex: Trying to KLMD file open

19:31:03:656 3788 wfopen_ex: File opened ok (Flags 2)

19:31:03:656 3788 Initialize success

19:31:03:656 3788

19:31:03:656 3788 Scanning Services ...

19:31:03:781 3788 GetAdvancedServicesInfo: Raw services enum returned 400 services

19:31:03:781 3788

19:31:03:781 3788 Scanning Kernel memory ...

19:31:03:781 3788 Devices to scan: 6

19:31:03:781 3788

19:31:03:781 3788 Driver Name: Disk

19:31:03:781 3788 IRP_MJ_CREATE : B80CEBB0

19:31:03:781 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:31:03:781 3788 IRP_MJ_CLOSE : B80CEBB0

19:31:03:781 3788 IRP_MJ_READ : B80C8D1F

19:31:03:781 3788 IRP_MJ_WRITE : B80C8D1F

19:31:03:781 3788 IRP_MJ_QUERY_INFORMATION : 804F4562

19:31:03:781 3788 IRP_MJ_SET_INFORMATION : 804F4562

19:31:03:781 3788 IRP_MJ_QUERY_EA : 804F4562

19:31:03:781 3788 IRP_MJ_SET_EA : 804F4562

19:31:03:781 3788 IRP_MJ_FLUSH_BUFFERS : B80C92E2

19:31:03:781 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:31:03:781 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:31:03:781 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:31:03:781 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:31:03:781 3788 IRP_MJ_DEVICE_CONTROL : B80C93BB

19:31:03:781 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80CCF28

19:31:03:781 3788 IRP_MJ_SHUTDOWN : B80C92E2

19:31:03:781 3788 IRP_MJ_LOCK_CONTROL : 804F4562

19:31:03:781 3788 IRP_MJ_CLEANUP : 804F4562

19:31:03:781 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562

19:31:03:781 3788 IRP_MJ_QUERY_SECURITY : 804F4562

19:31:03:781 3788 IRP_MJ_SET_SECURITY : 804F4562

19:31:03:781 3788 IRP_MJ_POWER : B80CAC82

19:31:03:781 3788 IRP_MJ_SYSTEM_CONTROL : B80CF99E

19:31:03:781 3788 IRP_MJ_DEVICE_CHANGE : 804F4562

19:31:03:781 3788 IRP_MJ_QUERY_QUOTA : 804F4562

19:31:03:781 3788 IRP_MJ_SET_QUOTA : 804F4562

19:31:03:812 3788 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

19:31:03:812 3788

19:31:03:812 3788 Driver Name: USBSTOR

19:31:03:812 3788 IRP_MJ_CREATE : 88C4B3D0

19:31:03:812 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:31:03:812 3788 IRP_MJ_CLOSE : 88C4B3D0

19:31:03:812 3788 IRP_MJ_READ : 88C4B3D0

19:31:03:812 3788 IRP_MJ_WRITE : 88C4B3D0

19:31:03:812 3788 IRP_MJ_QUERY_INFORMATION : 804F4562

19:31:03:812 3788 IRP_MJ_SET_INFORMATION : 804F4562

19:31:03:812 3788 IRP_MJ_QUERY_EA : 804F4562

19:31:03:812 3788 IRP_MJ_SET_EA : 804F4562

19:31:03:812 3788 IRP_MJ_FLUSH_BUFFERS : 804F4562

19:31:03:812 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:31:03:812 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:31:03:812 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:31:03:812 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:31:03:812 3788 IRP_MJ_DEVICE_CONTROL : 88C4B3D0

19:31:03:812 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : 88C4B3D0

19:31:03:812 3788 IRP_MJ_SHUTDOWN : 804F4562

19:31:03:812 3788 IRP_MJ_LOCK_CONTROL : 804F4562

19:31:03:812 3788 IRP_MJ_CLEANUP : 804F4562

19:31:03:812 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562

19:31:03:812 3788 IRP_MJ_QUERY_SECURITY : 804F4562

19:31:03:812 3788 IRP_MJ_SET_SECURITY : 804F4562

19:31:03:812 3788 IRP_MJ_POWER : 88C4B3D0

19:31:03:812 3788 IRP_MJ_SYSTEM_CONTROL : 88C4B3D0

19:31:03:812 3788 IRP_MJ_DEVICE_CHANGE : 804F4562

19:31:03:812 3788 IRP_MJ_QUERY_QUOTA : 804F4562

19:31:03:812 3788 IRP_MJ_SET_QUOTA : 804F4562

19:31:03:828 3788 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

19:31:03:828 3788

19:31:03:828 3788 Driver Name: Disk

19:31:03:828 3788 IRP_MJ_CREATE : B80CEBB0

19:31:03:828 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:31:03:828 3788 IRP_MJ_CLOSE : B80CEBB0

19:31:03:828 3788 IRP_MJ_READ : B80C8D1F

19:31:03:828 3788 IRP_MJ_WRITE : B80C8D1F

19:31:03:828 3788 IRP_MJ_QUERY_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_SET_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_EA : 804F4562

19:31:03:828 3788 IRP_MJ_SET_EA : 804F4562

19:31:03:828 3788 IRP_MJ_FLUSH_BUFFERS : B80C92E2

19:31:03:828 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_DEVICE_CONTROL : B80C93BB

19:31:03:828 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80CCF28

19:31:03:828 3788 IRP_MJ_SHUTDOWN : B80C92E2

19:31:03:828 3788 IRP_MJ_LOCK_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_CLEANUP : 804F4562

19:31:03:828 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_SECURITY : 804F4562

19:31:03:828 3788 IRP_MJ_SET_SECURITY : 804F4562

19:31:03:828 3788 IRP_MJ_POWER : B80CAC82

19:31:03:828 3788 IRP_MJ_SYSTEM_CONTROL : B80CF99E

19:31:03:828 3788 IRP_MJ_DEVICE_CHANGE : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_QUOTA : 804F4562

19:31:03:828 3788 IRP_MJ_SET_QUOTA : 804F4562

19:31:03:828 3788 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

19:31:03:828 3788

19:31:03:828 3788 Driver Name: Disk

19:31:03:828 3788 IRP_MJ_CREATE : B80CEBB0

19:31:03:828 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:31:03:828 3788 IRP_MJ_CLOSE : B80CEBB0

19:31:03:828 3788 IRP_MJ_READ : B80C8D1F

19:31:03:828 3788 IRP_MJ_WRITE : B80C8D1F

19:31:03:828 3788 IRP_MJ_QUERY_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_SET_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_EA : 804F4562

19:31:03:828 3788 IRP_MJ_SET_EA : 804F4562

19:31:03:828 3788 IRP_MJ_FLUSH_BUFFERS : B80C92E2

19:31:03:828 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_DEVICE_CONTROL : B80C93BB

19:31:03:828 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80CCF28

19:31:03:828 3788 IRP_MJ_SHUTDOWN : B80C92E2

19:31:03:828 3788 IRP_MJ_LOCK_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_CLEANUP : 804F4562

19:31:03:828 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_SECURITY : 804F4562

19:31:03:828 3788 IRP_MJ_SET_SECURITY : 804F4562

19:31:03:828 3788 IRP_MJ_POWER : B80CAC82

19:31:03:828 3788 IRP_MJ_SYSTEM_CONTROL : B80CF99E

19:31:03:828 3788 IRP_MJ_DEVICE_CHANGE : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_QUOTA : 804F4562

19:31:03:828 3788 IRP_MJ_SET_QUOTA : 804F4562

19:31:03:828 3788 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

19:31:03:828 3788

19:31:03:828 3788 Driver Name: Disk

19:31:03:828 3788 IRP_MJ_CREATE : B80CEBB0

19:31:03:828 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:31:03:828 3788 IRP_MJ_CLOSE : B80CEBB0

19:31:03:828 3788 IRP_MJ_READ : B80C8D1F

19:31:03:828 3788 IRP_MJ_WRITE : B80C8D1F

19:31:03:828 3788 IRP_MJ_QUERY_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_SET_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_EA : 804F4562

19:31:03:828 3788 IRP_MJ_SET_EA : 804F4562

19:31:03:828 3788 IRP_MJ_FLUSH_BUFFERS : B80C92E2

19:31:03:828 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:31:03:828 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_DEVICE_CONTROL : B80C93BB

19:31:03:828 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80CCF28

19:31:03:828 3788 IRP_MJ_SHUTDOWN : B80C92E2

19:31:03:828 3788 IRP_MJ_LOCK_CONTROL : 804F4562

19:31:03:828 3788 IRP_MJ_CLEANUP : 804F4562

19:31:03:828 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_SECURITY : 804F4562

19:31:03:828 3788 IRP_MJ_SET_SECURITY : 804F4562

19:31:03:828 3788 IRP_MJ_POWER : B80CAC82

19:31:03:828 3788 IRP_MJ_SYSTEM_CONTROL : B80CF99E

19:31:03:828 3788 IRP_MJ_DEVICE_CHANGE : 804F4562

19:31:03:828 3788 IRP_MJ_QUERY_QUOTA : 804F4562

19:31:03:828 3788 IRP_MJ_SET_QUOTA : 804F4562

19:31:03:828 3788 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

19:31:03:828 3788

19:31:03:828 3788 Driver Name: nvatabus

19:31:03:828 3788 IRP_MJ_CREATE : B7DD99B0

19:31:03:828 3788 IRP_MJ_CREATE_NAMED_PIPE : B7DD99B0

19:31:03:828 3788 IRP_MJ_CLOSE : B7DD99B0

19:31:03:828 3788 IRP_MJ_READ : B7DD99B0

19:31:03:828 3788 IRP_MJ_WRITE : B7DD99B0

19:31:03:828 3788 IRP_MJ_QUERY_INFORMATION : B7DD99B0

19:31:03:828 3788 IRP_MJ_SET_INFORMATION : B7DD99B0

19:31:03:828 3788 IRP_MJ_QUERY_EA : B7DD99B0

19:31:03:828 3788 IRP_MJ_SET_EA : B7DD99B0

19:31:03:828 3788 IRP_MJ_FLUSH_BUFFERS : B7DD99B0

19:31:03:828 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : B7DD99B0

19:31:03:828 3788 IRP_MJ_SET_VOLUME_INFORMATION : B7DD99B0

19:31:03:828 3788 IRP_MJ_DIRECTORY_CONTROL : B7DD99B0

19:31:03:828 3788 IRP_MJ_FILE_SYSTEM_CONTROL : B7DD99B0

19:31:03:828 3788 IRP_MJ_DEVICE_CONTROL : B7DD99B0

19:31:03:828 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : B7DD99B0

19:31:03:828 3788 IRP_MJ_SHUTDOWN : B7DD99B0

19:31:03:828 3788 IRP_MJ_LOCK_CONTROL : B7DD99B0

19:31:03:828 3788 IRP_MJ_CLEANUP : B7DD99B0

19:31:03:828 3788 IRP_MJ_CREATE_MAILSLOT : B7DD99B0

19:31:03:828 3788 IRP_MJ_QUERY_SECURITY : B7DD99B0

19:31:03:828 3788 IRP_MJ_SET_SECURITY : B7DD99B0

19:31:03:828 3788 IRP_MJ_POWER : B7DD99B0

19:31:03:828 3788 IRP_MJ_SYSTEM_CONTROL : B7DD99B0

19:31:03:828 3788 IRP_MJ_DEVICE_CHANGE : B7DD99B0

19:31:03:828 3788 IRP_MJ_QUERY_QUOTA : B7DD99B0

19:31:03:828 3788 IRP_MJ_SET_QUOTA : B7DD99B0

19:31:03:843 3788 C:\WINDOWS\system32\drivers\nvatabus.sys - Verdict: 1

19:31:03:843 3788

19:31:03:843 3788 Completed

19:31:03:843 3788

19:31:03:843 3788 Results:

19:31:03:843 3788 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

19:31:03:843 3788 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

19:31:03:843 3788 File objects infected / cured / cured on reboot: 0 / 0 / 0

19:31:03:843 3788

19:31:03:843 3788 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

19:31:03:843 3788 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

19:31:03:843 3788 KLMD(ARK) unloaded successfully


  • Staff

Okay that came up clean.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

File::

c:\windows\SCABF45AC.tmp

KILLALL::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7777:TCP"=-

"7777:UDP"=-

"28900:TCP"=-

"27900:UDP"=-

"28910:TCP"=-

"6500:UDP"=-

"9989:UDP"=-

Driver::

atmunii

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif, dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Let me know how things are running now and what issues remain.

-screen317


COMBOFIX

ComboFix 10-03-19.06 - Robert Baron 03/19/2010 21:27:38.5.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1508 [GMT -4:00]

Running from: c:\documents and settings\Robert Baron\Desktop\DL's\ComboFix.exe

Command switches used :: c:\documents and settings\Robert Baron\Desktop\CFScript .txt

AV: avast! antivirus 4.8.1368 [VPS 100319-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

FILE ::

"c:\windows\SCABF45AC.tmp"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\SCABF45AC.tmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ATMUNII

-------\Service_atmunii

((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))

.

2010-03-20 01:16 . 2010-03-20 01:16 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP

2010-03-17 03:43 . 2010-03-20 01:18 182504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-03-17 03:22 . 2010-03-17 03:22 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Command and Conquer 4

2010-03-17 03:22 . 2010-03-17 03:22 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\Electronic_Arts_Inc

2010-03-14 04:55 . 2010-03-14 04:56 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Ventrilo

2010-03-14 04:41 . 2010-03-14 04:41 -------- d-----w- c:\program files\Ventrilo

2010-03-13 15:51 . 2010-03-20 01:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-03-13 15:51 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-13 15:51 . 2010-03-13 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-13 15:51 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-12 03:36 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 03:58 . 2010-03-09 03:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\SupportSoft

2010-03-07 23:46 . 2010-03-07 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-03-07 15:57 . 2010-03-07 15:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-03-06 00:58 . 2010-03-14 23:49 -------- d-----w- C:\Fraps

2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Razer

2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\program files\Razer

2010-03-03 03:06 . 2010-03-05 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-03-03 03:00 . 2010-03-03 03:00 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\AIM

2010-02-27 03:15 . 2010-02-27 03:15 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\scripting

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\en

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\system32\bits

2010-02-27 01:33 . 2010-02-27 01:33 -------- d-----w- c:\windows\l2schemas

2010-02-26 16:49 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2010-02-26 16:49 . 2010-02-26 16:49 -------- d-----w- c:\program files\CPUID

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\windows\Performance

2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\documents and settings\Robert Baron\Local Settings\Application Data\Microsoft Corporation

2010-02-26 16:38 . 2010-02-26 16:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-20 00:58 . 2008-06-27 03:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-03-19 23:34 . 2008-06-27 03:42 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-03-17 02:33 . 2008-06-29 15:38 -------- d-----w- c:\program files\Electronic Arts

2010-03-13 21:26 . 2010-03-13 15:52 117760 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-13 15:52 . 2010-03-13 15:52 52224 ----a-w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-03-13 15:52 . 2010-01-24 19:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-13 15:51 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\SUPERAntiSpyware.com

2010-03-13 15:51 . 2008-12-21 06:17 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Malwarebytes

2010-03-13 15:51 . 2008-12-21 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-13 03:02 . 2010-03-13 03:02 503808 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\msvcp71.dll

2010-03-13 03:02 . 2010-03-13 03:02 499712 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\jmc.dll

2010-03-13 03:02 . 2010-03-13 03:02 348160 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c7303e9-n\msvcr71.dll

2010-03-13 03:02 . 2010-03-13 03:02 61440 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e15b7a0-n\decora-sse.dll

2010-03-13 03:02 . 2010-03-13 03:02 12800 ----a-w- c:\documents and settings\Robert Baron\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e15b7a0-n\decora-d3d.dll

2010-03-13 03:02 . 2008-06-20 16:15 -------- d-----w- c:\program files\Java

2010-03-12 22:53 . 2008-06-20 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-07 23:25 . 2008-06-27 01:20 -------- d-----w- c:\program files\Steam

2010-03-07 15:57 . 2008-06-20 16:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-05 03:24 . 2010-03-03 03:06 38784 ----a-w- c:\documents and settings\Robert Baron\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-04 04:08 . 2009-09-04 16:36 -------- d-----w- c:\program files\NVIDIA Corporation

2010-03-03 03:07 . 2009-02-20 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 138056 ----a-w- c:\documents and settings\Robert Baron\Application Data\PnkBstrK.sys

2010-03-03 03:00 . 2008-06-27 03:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-02-28 21:27 . 2009-04-17 02:14 -------- d-----w- c:\program files\Diablo II

2010-02-28 16:07 . 2009-12-20 03:12 67820 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-27 16:31 . 2008-06-20 16:37 85848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-27 03:14 . 2008-06-28 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads

2010-02-27 01:35 . 2005-08-16 09:41 88795 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-22 05:18 . 2008-06-20 16:00 592488 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-14 21:25 . 2010-02-06 21:24 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Bioshock2

2010-02-13 08:35 . 2008-12-20 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-10 17:41 . 2008-06-20 16:17 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-02-06 21:20 . 2010-02-06 21:20 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM

2010-02-06 21:18 . 2010-02-06 21:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-02-06 21:07 . 2010-02-06 21:07 -------- d-----w- c:\program files\2K Games

2010-01-29 02:05 . 2009-05-10 21:51 25 ----a-w- c:\windows\popcinfot.dat

2010-01-26 02:14 . 2009-12-30 00:41 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\Skype

2010-01-26 02:08 . 2009-12-30 00:44 -------- d-----w- c:\documents and settings\Robert Baron\Application Data\skypePM

2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-01-12 04:03 . 2009-11-28 08:26 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-01-12 04:03 . 2009-11-28 08:26 11632640 ----a-w- c:\windows\system32\nvcompiler.dll

2010-01-12 04:03 . 2009-06-10 10:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-01-12 04:03 . 2009-06-10 10:03 2283526 ----a-w- c:\windows\system32\nvdata.bin

2010-01-12 04:03 . 2009-03-27 14:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2010-01-12 04:03 . 2008-06-20 15:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcodins.dll

2010-01-12 04:03 . 2008-06-20 15:57 182888 ----a-w- c:\windows\system32\nvcod.dll

2010-01-12 04:03 . 2008-06-20 15:57 1081344 ----a-w- c:\windows\system32\nvapi.dll

2010-01-12 04:03 . 2008-05-16 18:01 4104192 ----a-w- c:\windows\system32\nvcuda.dll

2010-01-12 04:03 . 2005-08-16 09:35 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-01-12 04:03 . 2005-08-16 09:35 6359168 ----a-w- c:\windows\system32\nv4_disp.dll

2010-01-12 02:17 . 2010-01-12 02:17 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-01-12 02:17 . 2010-01-12 02:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-01-12 02:17 . 2010-01-12 02:17 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-01-12 02:17 . 2010-01-12 02:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

2010-01-12 02:17 . 2010-01-12 02:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-12 02:17 . 2010-01-12 02:17 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-01-09 16:28 . 2009-07-03 03:18 10134 ----a-r- c:\documents and settings\Robert Baron\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe

2010-01-05 10:00 . 2005-08-16 09:18 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2009-04-11 19:20 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 19:30 . 2009-12-31 19:27 32653 ----a-w- c:\windows\scunin.dat

2009-12-31 19:30 . 2009-12-31 19:27 967 ----a-w- c:\windows\ScUnin.pif

2009-12-31 19:30 . 2009-12-31 19:27 70656 ----a-w- c:\windows\ScUnin.exe

2009-12-31 16:50 . 2005-08-16 09:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 00:44 . 2009-12-30 00:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]

c:\documents and settings\Robert Baron\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-06-20 16:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk

backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-12-12 14:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-03-02 02:00 18944 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2007-04-04 22:48 1236992 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-09-28 18:30 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSSQL$MSSMLBIZ"=3 (0x3)

"SQLWriter"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"RemoteRegistry"=2 (0x2)

"mnmsrvc"=3 (0x3)

"GoToAssist"=3 (0x3)

"Fax"=2 (0x2)

"Bonjour Service"=2 (0x2)

"BcmSqlStartupSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\team fortress 2\\hl2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\zombie panic! source\\hl2.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\age of chivalry\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life deathmatch source\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\day of defeat source\\hl2.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\zombie driver\\Release\\ZombieDriver.exe"=

"c:\\Program Files\\Steam\\SteamApps\\the_shadow114\\source sdk base 2007\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7777:TCP"= 7777:TCP:*:Disabled:border1

"7777:UDP"= 7777:UDP:*:Disabled:border1b

"28900:TCP"= 28900:TCP:*:Disabled:border2

"27900:UDP"= 27900:UDP:*:Disabled:border3

"28910:TCP"= 28910:TCP:*:Disabled:border4

"6500:UDP"= 6500:UDP:*:Disabled:border5

"9989:UDP"= 9989:UDP:*:Disabled:border6

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/19/2008 10:13 PM 717296]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/20/2008 9:43 PM 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2008 9:43 PM 20560]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [6/27/2008 8:54 AM 12032]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 6:37 PM 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [1/2/2010 2:29 AM 14856]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [7/19/2008 10:23 PM 16512]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/14/2008 11:17 PM 36928]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

FF - ProfilePath - c:\documents and settings\Robert Baron\Application Data\Mozilla\Firefox\Profiles\5tmcmz2o.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-19 21:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys nvatabus.sys spfh.sys hal.dll >>UNKNOWN [0x8AD76938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xb80ccf28

\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8

\Driver\atapi -> atapi.sys @ 0xb7de6b40

IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cbebb0

PacketIndicateHandler -> NDIS.sys @ 0xb7cada0d

SendHandler -> NDIS.sys @ 0xb7cc1b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,82,13,44,29,db,de,76,ad,11,b6,41,9a,82,13,63,c7,b3,48,f4,b6,95,68,

6c,74,7e,59,8b,0b,fb,95,f7,63,49,8d,0d,db,72,f2,00,93,0f,72,2e,e9,1c,3d,9b,\

"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

[HKEY_USERS\S-1-5-21-882310507-3021489250-672518594-1008\Software\SecuROM\License information*]

"datasecu"=hex:80,5b,6e,da,b4,63,f1,38,c0,bb,8c,e2,ff,e1,3c,f6,d5,31,aa,c3,82,

82,31,f7,bc,ea,b6,3a,69,98,88,8d,a8,e5,8a,3e,6c,f5,f6,b3,36,ee,53,9d,31,c8,\

"rkeysecu"=hex:f6,30,fc,5b,69,70,b9,f3,71,23,7a,5d,6e,bf,35,c7

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3160)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\SYSTEM32\CTXFISPI.EXE

c:\program files\Razer\Lachesis\OSD.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe

c:\program files\Razer\Lachesis\razertra.exe

c:\program files\Razer\Lachesis\razerofa.exe

.

**************************************************************************

.

Completion time: 2010-03-19 21:43:12 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-20 01:43

ComboFix2.txt 2010-03-15 03:28

ComboFix3.txt 2010-03-13 03:16

ComboFix4.txt 2010-03-12 23:30

Pre-Run: 273,414,217,728 bytes free

Post-Run: 273,643,401,216 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - E15690CA3655C795A751914203A0124B

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:44:37 PM, on 3/19/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Razer\Lachesis\razerhid.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Razer\Lachesis\OSD.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Razer\Lachesis\razertra.exe

C:\Program Files\Razer\Lachesis\razerofa.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080620

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wapp.verizon.net/bookmarks/bmredir....&bm=ms_home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 8033 bytes

Computer seems to be fine. Apparently my NVIDIA drivers disappeared so I needed to install. It takes my comp about 55 seconds to boot up now. It seems to stall for a few seconds at the very beginning now.

Anything I can do? Defrag? Cleanup?


Everything is looking alright I guess. Defragged and saved 40 gigs of space???

Also ran CCleaner and cleaned some stuff.

I still feel like the startup can go faster. I think it's something in the BIOS. Once I start up my computer it waits to load the BIOS, then hangs with a black screen and blinking underscore before starting Windows.

Is that common? Any tips?

I ran tdds and it came up empty.


  • Staff

Hi,

Hope the half-marathon went well. :unsure:

It may be numerous Services loading that are slowing things down. We can investigate.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

I'll evaluate the list and see what we can prune.

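Added example (my own code, not something posted in this thread and not part of HijackThis or ComboFix): the first pass a reviewer makes over a list like the one above, as a small Python script. It parses the R3, O4, O20 and O23 lines of a HijackThis v2 log and flags the entries worth looking at first: orphans pointing at "(no file)", Winlogon Notify DLLs (these load into winlogon.exe as SYSTEM at every logon, so the publisher of each one should be confirmed even when, as here, they belong to SUPERAntiSpyware and GoToAssist), services reported with "Unknown owner", and autostarts launched from outside Program Files or the Windows directory. The TRUSTED_ROOTS list is an assumption for an English XP install, and the last SAMPLE_LOG line (an autostart under a user profile) is constructed to exercise that rule; it is not an entry from the poster's log.

```python
"""Triage HijackThis v2 log lines by autostart location.

Added example for this thread; not HijackThis code and not the poster's.
TRUSTED_ROOTS is an assumption for an English XP install, and the last
SAMPLE_LOG line is constructed to exercise the user-profile rule; it is
not an entry from the log in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: line shapes taken from the thread plus one synthetic
# autostart under a user profile (the final O4 line).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\updater.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""


@dataclass
class Entry:
    code: str          # HijackThis section: R3, O4, O20, O23
    name: str          # value name, hook name, or service display name
    path: str          # file the entry points at, or "(no file)"
    vendor: str = ""   # O23 publisher column ("Unknown owner" when absent)


_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
_O4 = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O20 = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
_O23 = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.*|\(no file\))$")
_R3 = re.compile(r"^URLSearchHook: (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")

# Assumption: locations a default English XP install lets only Administrators write to.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


def launched_image(cmd: str) -> str:
    """File actually started by an O4 command line.

    rundll32 entries are attributed to the DLL argument, not to rundll32.exe,
    because the DLL is what carries the autostart code. Unquoted paths with
    spaces are taken up to the first executable extension."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32.exe "):
        return cmd[len("rundll32.exe "):].split(",", 1)[0].strip().strip('"')
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|scr|com|bat))(?=\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[Entry]:
    """Parse the R3/O4/O20/O23 sections; other sections are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O4" and (m4 := _O4.match(body)):
            entries.append(Entry(code, m4["name"], launched_image(m4["cmd"])))
        elif code == "O20" and (m20 := _O20.match(body)):
            entries.append(Entry(code, m20["name"], m20["path"]))
        elif code == "O23" and (m23 := _O23.match(body)):
            entries.append(Entry(code, m23["name"], m23["path"], m23["vendor"]))
        elif code == "R3" and (m3 := _R3.match(body)):
            entries.append(Entry(code, m3["name"], m3["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) for the lines a reviewer should look at first."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        p = e.path.lower()
        if p == "(no file)":
            findings.append((e, "orphan: target missing, entry can be removed"))
        elif e.code == "O20":
            # Notify packages load into winlogon.exe as SYSTEM at every logon.
            findings.append((e, "winlogon notify DLL: confirm publisher and signature"))
        elif e.code == "O23" and e.vendor.lower() == "unknown owner":
            findings.append((e, "service with no publisher: verify file hash/signature"))
        elif not p.startswith(TRUSTED_ROOTS):
            findings.append((e, "autostart from user-writable path: inspect"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.code:<4} {entry.name:<20} {entry.path}\n     -> {reason}")
```

Run it as a script to print the findings for the sample, or pass the text of a saved hijackthis.log to parse_hjt(). A flag is a prompt to check the file's signature or hash, not a verdict: PnkBstrA and PnkBstrB in the log above are PunkBuster's anti-cheat services, which HijackThis lists as "Unknown owner" when it finds no company name in the file's version information.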
This topic is now closed to further replies.