Rogue Malware Help Needed!!!"Program Compability Assistant" - "This program requires a missing codec"

[jmls44]

Hi,

Recently my computer was infected with the "desktop security" malware bug and I was able to eliminate it using Malwarebytes. However now my computer comes up with a pop-up messaging when I try to access a variety of programs (Windows Media Player, Windows Live Messenger; etc.) that reads "Program Compability Assistant" and states that "This program requires a missing codec". It refuses to allow the programs to load, and when I follow the prompts given, it takes me to a website asking me to download the "Total Codec Pack" at a fee of course. I've tried to follow along the instructions provided for a user with the same issue, but to no avail. Also, I downloaded and ran both exeHelper.com and rkill.com in a failed attempt to fix the malware problem, and although this seemed to get rid of the "security desktop 2010" malware, it was replaced with the "Program Compability Assistant" malware issue I now CANT get rid of!

Here is my HijackThis log file, and I am hopeful one of the great staff members here will be able to assist me in resolving the issue.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:47:33 PM, on 6/14/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Fingerprint Sensor\AtService.exe

C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

c:\Program Files\ActivIdentity\ActivClient\accoca.exe

C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

C:\WINDOWS\system32\ifxspmgt.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe

C:\WINDOWS\system32\ifxtcs.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\program files\common files\microsoft shared\office12\expxpsoptinps.exe

C:\WINDOWS\system32\lxdxcoms.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\program files\quicktime\qtsystem\quicktime.resources\zh_tw.lproj\quicktimequicktime7.6.2.exe

C:\program files\quicktime\propertypanels\panelhelperbase.resources\da.lproj\quicktimeresourcesquicktime.exe

C:\program files\common files\microsoft shared\office12\expxpsoptinps.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\system32\IfxPsdSv.exe

C:\Program Files\stickies\stickies.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WebUpdateSvc4.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

c:\program files\mozilla firefox\o.dat

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [iFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon

O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"

O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sqliteDatabase] C:\Program Files\Mozilla Firefox\o.dat

O4 - HKLM\..\Run: [systemService] c:\program files\common files\microsoft shared\office12\expxpsoptinps.exe

O4 - HKLM\..\Run: [QuickTimeQuickTime] C:\program files\quicktime\qtsystem\quicktime.resources\zh_tw.lproj\quicktimequicktime7.6.2.exe

O4 - HKLM\..\Run: [QuickTimeQuickTimeResources] c:\program files\quicktime\propertypanels\panelhelperbase.resources\da.lproj\quicktimeresourcesquicktime.exe

O4 - HKLM\..\Run: [systemProgram] C:\program files\common files\microsoft shared\office12\expxpsoptinps.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\RunServices: [xpcomsmime3] C:\Program Files\Mozilla Firefox\o.dat

O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\propertypanels\proppanelhelpers.resources\nl.lproj\quicktimeresourcesquicktimeresources.exe

O4 - HKLM\..\RunServices: [updateSoftwareUpdateLocalized] c:\program files\apple software update\softwareupdate.resources\en.lproj\updateupdate.exe

O4 - HKLM\..\RunServices: [RuntimeControl] c:\program files\ati technologies\ati.ace\graphics-light\es\centrecatalyst.exe

O4 - HKLM\..\RunServices: [QuickTimeQuickTime] C:\program files\quicktime\qtsystem\quicktime.resources\zh_tw.lproj\quicktimequicktime7.6.2.exe

O4 - HKLM\..\RunServices: [systemacexbe] C:\program files\common files\microsoft shared\office12\expxpsoptinps.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\8.tmp

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll

O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll

O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe

O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe

O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--

End of file - 16971 bytes

[Elise]

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
  

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
    

  [*]Save it to your desktop.

  [*]Double click on the icon on your desktop.

  [*]Click the "Scan All Users" checkbox.

  [*]Push the button.

  [*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized
    

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
  
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  
• Now click the Scan button. If you see a rootkit warning window, click OK.
  
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  
• Click the Copy button and paste the results into your next reply.
  
• Exit GMER and re-enable all active protection when done.
  

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

• A detailed description of your problems
  
• A new OTL log (don't forget extra.txt)
  
• GMER log
  

[jmls44]

[Elise]

Okay, I will wait for your GMER log. Please let me know if you run into any trouble. If GMER somehow crashes, try to run it with only the sections option checked.

[jmls44]

As you warned I had some problems with GMER crashing and subsequently stalling my laptop, BUT per your instructions I ran the program one last time with just the "sections" box checked and it seemed to work. Whats next?

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-15 17:27:49

Windows 5.1.2600 Service Pack 3

Running: i297mf38.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kflyraoc.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xA8EDE000, 0x18A386, 0xE8000020]

---- EOF - GMER 1.0.15 ----

[jmls44]

Iam still experiencing the same malware problems. What should I do next???

[Elise]

Hello there,

Don't worry, until now we did only some steps to get some log input so its only normal nothing has improved so far

Now lets start some fixing. Please keep me posted on how things are running afterwards.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[jmls44]

Elise,

I followed your instructions and the last cleaning tool you had me use seems to have fixed the problem. All the programs that I was unable to use are now all functioning properly. You are a life saver, THANK YOU!!!!! Per your request I have attached my "ComboFix" log below:

ComboFix 10-06-15.04 - Administrator 06/16/2010 13:02:25.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.853 [GMT -4:00]

Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\xpsp1hfm.log

.

((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))

.

2010-06-16 16:54 . 2010-06-16 16:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9

2010-06-16 03:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-16 03:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-15 16:24 . 2010-06-15 16:24 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2010-06-15 16:24 . 2010-06-15 16:24 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-06-14 22:42 . 2010-06-14 22:42 -------- d-----w- c:\program files\Trend Micro

2010-06-14 17:21 . 2010-06-14 17:21 -------- d-----w- C:\$AVG

2010-06-14 17:17 . 2010-06-15 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-06-13 22:24 . 2010-06-13 22:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee

2010-06-13 22:18 . 2010-06-13 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-13 21:53 . 2004-08-04 08:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-06-13 21:30 . 2010-06-13 22:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\JockerSoft

2010-06-13 21:30 . 2010-06-13 22:13 -------- d-----w- c:\program files\JockerSoft

2010-06-13 20:41 . 2010-06-13 20:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-13 20:41 . 2010-06-16 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-13 20:41 . 2010-06-13 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-09 00:46 . 2010-06-14 16:54 -------- d-----w- c:\program files\LimeWire

2010-06-04 23:22 . 2010-06-04 23:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LuminareSoft

2010-06-04 23:18 . 2010-06-04 23:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IsolatedStorage

2010-06-04 23:18 . 2010-06-04 23:18 -------- d-----w- c:\program files\LuminareSoft

2010-06-04 23:18 . 2010-06-04 23:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\LuminareSoft

2010-05-26 06:44 . 2010-05-26 06:44 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67a06b17-n\msvcp71.dll

2010-05-26 06:44 . 2010-05-26 06:44 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67a06b17-n\jmc.dll

2010-05-26 06:44 . 2010-05-26 06:44 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67a06b17-n\msvcr71.dll

2010-05-26 06:44 . 2010-05-26 06:44 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49b1bdb3-n\decora-sse.dll

2010-05-26 06:44 . 2010-05-26 06:44 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49b1bdb3-n\decora-d3d.dll

2010-05-18 04:54 . 2010-05-18 04:54 -------- d-----w- c:\program files\StudySmartFirstYear

2010-05-18 04:47 . 2010-05-18 04:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\ThomsonWest

2010-05-18 04:47 . 2010-05-18 04:47 -------- d-----w- c:\program files\StudySmart

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-16 17:11 . 2010-01-28 01:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\stickies

2010-06-15 16:23 . 2009-05-28 00:44 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-15 16:23 . 2009-05-28 00:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-14 17:20 . 2009-05-28 00:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-14 17:20 . 2009-05-28 00:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-14 17:20 . 2009-06-28 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-06-14 17:17 . 2009-05-28 00:44 -------- d-----w- c:\program files\AVG

2010-06-10 07:16 . 2009-05-20 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-02 07:17 . 2009-06-02 20:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-15 00:50 . 2010-05-15 00:50 -------- d-----w- c:\program files\Common Files\Java

2010-05-15 00:49 . 2010-05-15 00:49 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f8d6fda-n\msvcp71.dll

2010-05-15 00:49 . 2010-05-15 00:49 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f8d6fda-n\jmc.dll

2010-05-15 00:49 . 2010-05-15 00:49 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f8d6fda-n\msvcr71.dll

2010-05-15 00:48 . 2010-05-15 00:48 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4be70564-n\decora-sse.dll

2010-05-15 00:48 . 2010-05-15 00:48 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4be70564-n\decora-d3d.dll

2010-05-15 00:48 . 2009-09-01 00:12 -------- d-----w- c:\program files\Java

2010-05-13 22:33 . 2010-05-13 22:33 23040 ----a-w- c:\windows\system32\drivers\MOUCLASS.SYS

2010-05-04 16:02 . 2009-07-10 14:12 -------- d-----w- c:\program files\Electronic Bluebook

2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 06:03 . 2010-04-23 06:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 16:09 . 2004-08-04 08:00 667136 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 16:09 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-04-14 16:16 . 2010-04-14 16:16 232630 ----a-w- c:\documents and settings\All Users\SPL1.tmp

2010-04-12 21:29 . 2010-05-15 00:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-03-24 22:03 . 2009-08-06 04:41 256 ----a-w- c:\windows\system32\pool.bin

2010-03-23 01:11 . 2010-03-05 04:33 1925088 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]

"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-04-21 1090840]

"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]

"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-06-13 320168]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SQLiteDatabase"="c:\program files\Mozilla Firefox\o.dat" [2010-06-13 171520]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-15 2065248]

"ServicesDatabase"="c:\program files\mozilla firefox\o.dat" [2010-06-13 171520]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Stickies.lnk - c:\program files\stickies\stickies.exe [2010-1-27 1101824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-5-27 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-06-14 17:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2008-04-21 15:48 69632 ----a-w- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2008-05-21 00:42 111888 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\lxdxcoms.exe"=

"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=

"c:\\WINDOWS\\system32\\lxdxcfg.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxlscn.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [5/19/2009 7:54 PM 174600]

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [5/19/2009 8:18 PM 15416]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [5/30/2008 12:36 PM 108752]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [5/30/2008 12:37 PM 51376]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [5/30/2008 12:37 PM 12928]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 6:14 AM 24064]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2009 8:44 PM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2009 8:44 PM 242896]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [3/21/2008 5:54 PM 39712]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [5/30/2008 12:37 PM 12496]

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 7:08 PM 182576]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2008 6:11 PM 1176824]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/14/2010 1:19 PM 308064]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [6/2/2008 1:32 PM 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [5/30/2008 12:36 PM 256512]

R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [5/27/2009 8:27 PM 77824]

R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [5/27/2009 8:24 PM 576024]

R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [10/10/2007 4:33 AM 237784]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/15/2008 4:29 PM 475520]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [5/19/2009 9:18 PM 193840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 3:16 PM 44800]

S1 MpKsl30e89808;MpKsl30e89808;\??\c:\windows\system32\MpEngineStore\MpKsl30e89808.sys --> c:\windows\system32\MpEngineStore\MpKsl30e89808.sys [?]

S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [10/12/2009 7:17 PM 98984]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/14/2010 1:20 PM 430152]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [5/27/2009 8:27 PM 32256]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/21/2008 1:27 PM 349432]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/8/2008 8:12 AM 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

.

Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} -

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd6gw83e.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

HKLM-Run-systemService - c:\program files\common files\microsoft shared\office12\expxpsoptinps.exe

HKLM-Run-QuickTimeQuickTime - c:\program files\quicktime\qtsystem\quicktime.resources\zh_tw.lproj\quicktimequicktime7.6.2.exe

HKLM-Run-QuickTimeQuickTimeResources - c:\program files\quicktime\propertypanels\panelhelperbase.resources\da.lproj\quicktimeresourcesquicktime.exe

HKLM-Run-systemProgram - c:\program files\common files\microsoft shared\office12\expxpsoptinps.exe

AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-16 13:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)

c:\windows\system32\ackpbsc.dll

c:\windows\system32\aclog.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program files\Hewlett-Packard\IAM\bin\brand.dll

c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll

c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

c:\windows\system32\DeviceNP.dll

c:\windows\system32\SSREGLIB.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll

c:\windows\system32\acomx.dll

c:\windows\system32\acbsi21.dll

c:\program files\Hewlett-Packard\DeviceAccessManager\0009\PTDMLiteResource.dll

c:\windows\system32\flcdlmsg.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL

c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll

c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll

- - - - - - - > 'explorer.exe'(7708)

c:\windows\system32\APSHook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\ifxtcs.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdxcoms.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\IfxPsdSv.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\program files\Lexmark 3600-4600 Series\lxdxMsdMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\mqsvc.exe

c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

c:\windows\system32\mqtgsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

.

**************************************************************************

.

Completion time: 2010-06-16 13:17:13 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-16 17:17

Pre-Run: 70,495,076,352 bytes free

Post-Run: 72,612,585,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 81644968A13A40693648F03BA1D3F887

[Elise]

Hello there,

I'm glad to hear things have improved so much

Things look a lot better now in your log. Please let me know if there are any problems left at this point.

Please launch MBAM, update it first and run a full scan. Post me the resulting log.

[Elise]

Hello, are you still there?

[AdvancedSetup]

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.